The sudo command is well known to Linux users. It allows you to gain administrator access on the computer and, consequently, to perform many operations to modify the system in depth. But Unix-powered devices aren't the only ones that provide this command, since computers with macOS also use it. This means that if a flaw in the control itself exists, Mac owners will also be affected .
This is precisely the case with a flaw discovered last week by Qualys security researchers, which they dubbed CVE-2021-3156 . They first inspected Linux systems, and especially Ubuntu, Debian and Fedora distributions. Today, they claim that the flaw also affects all Macs , even the most recent ones that have updated to macOS Big Sur . And there is cause for concern: a hacker can in theory trigger a “heap overflow” by modifying the command's original variables, and thus gain administrator access to the system.
A FLAW ENDANGERS ALL MACS
We are therefore far from this annoying bug blocking users on the screensaver . By taking full rights on their victim's Mac, hackers can easily install malware, recover sensitive data or even make the computer completely out of control . Qualys researchers explain that, to do this, he only has to access the commands by downloading a malicious application, or by forcing passage on insecure systems.
For now, the various patches deployed by Apple can do nothing against this important flaw . The researchers said they informed the firm of the problem. The latter declined to comment. But it's a safe bet that it will find a solution quickly, as it often does when a security breach is exposed. This was particularly the case with the last update of iOS 14.4 which fixed three security issues .
Source: ZDNet