Threat Watch

macOS Sudo Vulnerability Update

As an update to a previous story, Apple has released updates to patch the vulnerability found in Sudo, disclosed by Qualys on January 15th, 2021. It was quickly discovered that this vulnerability also affected macOS devices, as many applications have been ported from Linux to macOS. Once a simple PoC was published, it became increasingly important that Apple release an update containing the patched version of Sudo. On February 9th, Apple released a cumulative update for macOS devices and urged users to update as soon as possible due to the vulnerability’s criticality.


As mentioned previously, this bug has severe consequences: an attacker with a foothold as a low-privilege user, or a malicious insider, can use it to gain higher privileges. As of the time of writing, Proof of Concept (PoC) exploits are publicly available. It is highly recommended to update all macOS devices with the available updates: macOS Big Sur 11.2.1, Catalina 10.15.7 Supplemental Update, or Mojave 10.14.6 Security Update 2021-002. To verify the current version of sudo, run sudo -V.