Apple fixes sudo root privilege escalation flaw in macOS


Apple has fixed a sudo vulnerability in macOS Big Sur, Catalina, and Mojave that allowed any local user to gain root-level privileges.

Last month, security researchers at Qualys disclosed the sudo vulnerability CVE-2021-3156, aka Baron Samedit, which allowed them to gain root privileges on multiple Linux distributions, including Debian, Ubuntu, and Fedora 33.

The sudo contributors fixed the vulnerability before the researchers disclosed it. However, Matthew Hickey (Hacker Fantastic), the co-founder of Hacker House, discovered that the vulnerability still affected a fully patched macOS Big Sur installation.
