Recent root-giving Sudo bug also impacts macOS


A British security researcher discovered today that a recent security flaw in the Sudo app also impacts the macOS operating system, not just Linux and BSD as initially believed.

The vulnerability, disclosed last week as CVE-2021-3156 (aka Baron Samedit) by security researchers from Qualys, impacts Sudo, an app that allows admins to delegate limited root access to other users.

Qualys researchers discovered that they could trigger a “heap overflow” bug in the Sudo app to escalate the current user’s low-privileged access to root-level commands, granting the attacker access to the whole system.

Source: ZDNet