
They said that other UNIX-like operating systems are also impacted, but most security researchers thought the bug might impact BSD, another major OS that also ships with the Sudo app. In their report last week, Qualys researchers said they only tested the issue on Ubuntu, Debian, and Fedora. In January, security researchers disclosed a new. The only condition to exploit this bug was that an attacker gain access to a system, which researchers said could be done by either planting malware on a device or brute-forcing a low-privileged service account. A decade-old flaw found in the Sudo tool could lead to root access on Unix-based systems, including macOS Big Sur and earlier versions. Qualys researchers discovered that they could trigger a 'heap overflow' bug in the Sudo app to change the current user's low-privileged access to root-level commands, granting the attacker access to the whole system. Two of the vulnerabilities, the same ones addressed in last week’s updates to Apple’s other operating systems, may have been actively exploited in the wild.
#Root-giving Sudo bug impacts macOS update
The security vulnerability, identified last week as 'CVE-2021-3156' by the Qualys. If those bugs don’t seem earth-shattering, that’s because the focus of the macOS 11.2 update seems to have been on security, with 43 security fixes.

From a report: The vulnerability, disclosed last week as CVE-2021-3156 (aka Baron Samedit) by security researchers from Qualys, impacts Sudo, an app that allows admins to delegate limited root access to other users. A sudo bug that can grant an attacker root access has been discovered to affect macOS Big Sur (via ZDNet).


A British security researcher has discovered this week that a recent security flaw in the Sudo app also impacts the macOS operating system, and not just Linux and BSD, as initially believed.
