A British security researcher has discovered that a recent security flaw in the Sudo app also impacts the macOS, and not just Linux and BSD, as initially believed, according to ZDNet.
Sudo (su “do”) allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands as root while logging all commands and arguments. The recent version of macOS ships with the Sudo app.
The vulnerability, disclosed last week as CVE-2021-3156 (aka “Baron Samedit”) by security researchers from Qualys, impacts Sudo. Matthew Hickey, co-founder of Hacker House, tweets that he tested the CVE-2021-3156 vulnerability and found that with a few modifications, the security bug could be used to grant attackers access to macOS root accounts.
He says he’s notified Apple about the issue. However, the company “declined to comment as it investigates the report; however, even without an official confirmation from the Cupertino-based tech giant, a patch is most likely expected for such a serious issue,” according to ZDnet.
The accompanying images is courtesy of Will Dormann.