Threat Watch

Sudo Bug Impacts macOS

A security researcher discovered that a security flaw in the Sudo utility impacts the latest macOS operating systems as well as other operating systems. Sudo allows a system administrator to give certain users (or groups of users) the ability to run some or all commands with root privileges while logging all commands and arguments. Researchers from Qualys disclosed the vulnerability (tracked as CVE-2021-3156) last week, when it was thought to affect only Linux-based systems. According to the original report, to exploit this flaw an attacker would either have to plant malware on a device or carry out a brute-force attack against a low-privileged service. Matthew Hickey, the co-founder of Hacker House, stated that he tested the vulnerability and that, to trigger it, someone must overwrite or create a symlink, which exposes the system to the same local root vulnerability that plagued Linux users last week. Researchers notified Apple of the issue, and Apple has yet to comment. With an issue this severe, a patch is likely.

ANALYST NOTES

Network administrators are strongly advised to watch for security patches and apply them as soon as possible. If the Sudo utility is not used, it should be disabled on all systems.

Source Article: https://www.zdnet.com/article/recent-root-giving-sudo-bug-also-impacts-macos/?&web_view=true