The patch for the 10-year-old Sudo vulnerability is now available
Today, Apple released security updates for macOS Big Sur 11.2, macOS Catalina 10.15.7 and macOS Mojave 10.14.6. With that, the Sudo vulnerability CVE-2021-3156, disclosed last month, has now been fixed.
The vulnerability, present in macOS Big Sur, Catalina and Mojave, allows local users to gain root-level privileges; it also affects multiple Linux distributions, including Debian, Ubuntu and Fedora 33.
Earlier, when the vulnerability was disclosed, sudo contributors released a fix for CVE-2021-3156. However, Matthew Hickey, the co-founder of Hacker House, discovered that the vulnerability still affected macOS after this.
Here is his take on the Sudo vulnerability fix Apple released today:
“Everyone should apply this update as a priority as attackers have had over a week to work on their attacks. This update addresses the vulnerability which could be used to execute code with root privileges.”
In addition to the fix for the Sudo vulnerability, the update also fixes two arbitrary code execution vulnerabilities in Intel graphics drivers.
Because of the severity of these vulnerabilities, users are strongly recommended to install the latest security updates as soon as possible.