Tech Facts

A serious loophole in macOS gives attackers admin rights: Patch should follow

Security - icon image

macOS Big Sur is affected by a serious security flaw. By exploiting them, code can be executed with root rights, which means that the entire system is effectively open to an attacker. It is unclear why Apple has not already fixed this gap with macOS Big Sur 11.2, because the lead time was long enough in principle.

There is a serious security hole in macOS Big Sur. The CVE-2021-3156 vulnerability was recently discovered in the command line tool sudo. With sudo, a logged-in user can execute individual actions or code under another user, including an administrator. The present vulnerability therefore also allows code to be executed with root rights, in this way an attacker gains complete freedom on a system. The loophole in sudo was initially found and closed in various Linux distributions; it was only later confirmed that macOS, a Unix-like operating system, is also susceptible to it. In order to exploit the vulnerability, low-threshold system access must first exist, for example through malware that users have caught on the network.

A quick patch is expected

Previously, however, it was suspected that Apple had already taken care of this vulnerability: macOS Big Sur 11.2 had a rather long beta phase behind it, at the end of which the release candidate appeared in three versions. It was suspected that RC3 had solved the sudo problem, but this is not the case, as security experts are now beyond doubt approved to have.

Apple is aware of the problem, and given its severity, a patch can be expected soon.

Source link

Most Popular

To Top
India and Pakistan’s steroid-soaked rhetoric over Kashmir will come back to haunt them both clenbuterol australia bossier man pleads guilty for leadership role in anabolic steriod distribution conspiracy