Date: 2021-02-11

Apple’s latest update fixes three security flaws, including one that allows a local user to obtain administrator rights due to a bug in the sudo program.

Apple has just released an update for macOS Big Sur 11.2.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6. This update fixes the security flaw that was discovered in the sudo program by moving sudo to version 1.9.5p2:

Impact: A local attacker may be able to elevate their privileges

Description: This issue was addressed by updating to sudo version 1.9.5p2.

CVE-2021-3156: Qualys

The flaw was initially discovered on Linux, but it also affects other Unix-like operating systems, including macOS, with a slight modification.

CVE-2021-3156 also impacts @apple MacOS Big Sur (unpatched at present), you can enable exploitation of the issue by symlinking sudo to sudoedit and then triggering the heap overflow to escalate one’s privileges to 1337 uid = 0. Fun for @p0sixninja pic.twitter.com/tyXFB3odxE – Hacker Fantastic 📡 (@hackerfantastic) February 2, 2021

By typing certain commands, it was possible to cause a memory overflow in the sudo program. This bug allows a local user to obtain higher privileges and, for example, to become a system administrator.
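To confirm that a machine carries the fixed sudo release named in Apple's advisory (1.9.5p2), the version reported by `sudo -V` can be compared against it. The script below is an added example, not code from Apple or the source article; the function names are illustrative, the sample banners are constructed, and it assumes the first line of `sudo -V` reads "Sudo version <x>".

```shell
#!/bin/sh
# Added example: is the installed sudo at least the fixed release 1.9.5p2?
# Function names are illustrative; sample banners below are constructed.
FIXED_VERSION="1.9.5p2"

# "1.9.5p2" -> "1 9 5 2"; no patch level means p0. Fails on betas or stray text.
split_version() {
    case $1 in
        ''|*[!0-9.p]*|*p*p*|*p*.*|.*|*..*|*.|*.p*|p*|*p) return 1 ;;
    esac
    case $1 in
        *p*) base=${1%p*}; patch=${1##*p} ;;
        *)   base=$1;      patch=0 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $base
    IFS=$old_ifs
    echo "${1:-0} ${2:-0} ${3:-0} $patch"
}

# Exit status 0 when version $1 >= version $2 (both must parse).
version_at_least() {
    a=$(split_version "$1") || return 2
    b=$(split_version "$2") || return 2
    set -- $a $b
    if   [ "$1" -ne "$5" ]; then [ "$1" -gt "$5" ]
    elif [ "$2" -ne "$6" ]; then [ "$2" -gt "$6" ]
    elif [ "$3" -ne "$7" ]; then [ "$3" -gt "$7" ]
    else [ "$4" -ge "$8" ]
    fi
}

# Classify the output of `sudo -V`, whose first line is "Sudo version <x>".
classify_sudo() {
    ver=$(printf '%s\n' "$1" | sed -n '1s/^Sudo version \([^ ]*\).*$/\1/p')
    if ! split_version "$ver" >/dev/null; then echo "unknown"
    elif version_at_least "$ver" "$FIXED_VERSION"; then echo "patched"
    else echo "needs-update"
    fi
}

# Constructed banners first, then the live system if sudo is installed.
for banner in "Sudo version 1.8.31" "Sudo version 1.9.5p1" "Sudo version 1.9.5p2"; do
    printf '%-24s %s\n' "$banner" "$(classify_sudo "$banner")"
done
if command -v sudo >/dev/null 2>&1; then
    echo "this host: $(classify_sudo "$(sudo -V 2>/dev/null)")"
fi
```

A version string is only a proxy for patch status: Linux distributions that backport the fix keep an older upstream version number, so on those systems the vendor's advisory and package changelog are the authoritative check.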

Apple indicates in its newsletter that the update also fixes two security holes in the driver for the Intel graphics chip. These flaws could allow a hacker to execute code on the machine with the same rights as those of the OS kernel.

Source: Bleeping Computer