Apple has released macOS Big Sur 11.2.1, along with security updates for macOS Catalina 10.15.7 and macOS Mojave 10.14.6. The release fixes the recently disclosed local privilege-escalation vulnerability in sudo (CVE-2021-3156) by upgrading the bundled sudo to version 1.9.5p2. Apple's bulletin describes it as follows:
Impact: A local attacker may be able to elevate their privileges
Description: This issue was addressed by updating to sudo version 1.9.5p2.
The flaw was first reported on Linux, but it lives in sudo itself rather than in any one operating system, so it also affects other Unix-like systems, including macOS. Exploitation there needs one small adjustment: macOS does not ship a separate sudoedit binary, so the researcher invoked sudo through a symlink named sudoedit.
CVE-2021-3156 also impacts @apple MacOS Big Sur (unpatched at present), you can enable exploitation of the issue by symlinking sudo to sudoedit and then triggering the heap overflow to escalate one's privileges to 1337 uid = 0. Fun for @p0sixninja pic.twitter.com/tyXFB3odxE
– Hacker Fantastic 📡 (@hackerfantastic) February 2, 2021
The bug is a heap-based buffer overflow in sudo's handling of its command line. When sudo runs in sudoedit mode with the -s or -i option, it skips the escaping it normally applies to the arguments but still runs the unescaping step later; an argument ending in a single backslash makes that unescaping loop read past the end of the argument and write past the end of a heap buffer. Any local user can trigger it, with no entry in sudoers and no password, and a crafted heap layout turns the overflow into code execution as root (uid 0). The fix is in sudo 1.9.5p2, which is the version Apple now ships.
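As an added check (example code written for this page, not from the article, Apple or the sudo project), the following POSIX shell script tells a patched sudo from an affected one in two ways. It compares the version that `sudo -V` reports against the affected ranges published in the advisory for CVE-2021-3156 (1.8.2 through 1.8.31p2 and 1.9.0 through 1.9.5p1; fixed in 1.8.32 and 1.9.5p2), and it runs the widely used probe `sudoedit -s '\' /dev/null`, whose error message differs between affected and patched builds. Because macOS has no sudoedit binary, the live probe calls sudo through a temporary symlink named sudoedit, the same trick the tweet describes. The function names and the sample strings are the example's own assumptions.

```shell
#!/bin/sh
# CVE-2021-3156 checker. Added example for this page; not Apple or sudo project code.

# Turn "1.8.31p2" into an integer that sorts like the version does.
# A version without a patchlevel ("1.9.5") is treated as p0.
sudo_version_key() {
    v=$1
    p=0
    case $v in
        *p*) p=${v##*p}; v=${v%p*} ;;
    esac
    major=${v%%.*}; rest=${v#*.}
    minor=${rest%%.*}; patch=${rest#*.}
    if [ "$patch" = "$rest" ]; then patch=0; fi   # "1.9" has no third component
    echo $(( major * 1000000000 + minor * 1000000 + patch * 1000 + p ))
}

# True (exit 0) when the version falls in the affected ranges from the
# public advisory: 1.8.2 .. 1.8.31p2 (fixed in 1.8.32) and 1.9.0 .. 1.9.5p1
# (fixed in 1.9.5p2). Versions before 1.8.2 are not affected.
sudo_version_is_vulnerable() {
    key=$(sudo_version_key "$1")
    if [ "$key" -ge "$(sudo_version_key 1.8.2)" ] && [ "$key" -lt "$(sudo_version_key 1.8.32)" ]; then
        return 0
    fi
    if [ "$key" -ge "$(sudo_version_key 1.9.0)" ] && [ "$key" -lt "$(sudo_version_key 1.9.5p2)" ]; then
        return 0
    fi
    return 1
}

# Classify the output of `sudoedit -s '\' /dev/null`:
#   "sudoedit: /: not a regular file" -> the flawed parsing path ran (affected)
#   "usage: sudoedit ..."             -> the argument was rejected up front (patched)
classify_sudoedit_output() {
    case $1 in
        *"not a regular file"*) echo vulnerable ;;
        *usage:*)               echo patched ;;
        *)                      echo unknown ;;
    esac
}

# First line of `sudo -V` without the "Sudo version " prefix; empty if no sudo.
installed_sudo_version() {
    sudo -V 2>/dev/null | sed -n '1s/^Sudo version //p'
}

# Live probe of the local sudo. On systems without a sudoedit binary (macOS)
# sudo is called through a temporary symlink named sudoedit, so that it takes
# the sudoedit code path. The probe fails in argument parsing, before any
# authentication, so it never prompts for a password.
live_sudoedit_probe() {
    sudo_bin=$(command -v sudo 2>/dev/null) || { echo unknown; return 0; }
    if command -v sudoedit >/dev/null 2>&1; then
        out=$(sudoedit -s '\' /dev/null 2>&1) || true
    else
        tmpdir=$(mktemp -d) || { echo unknown; return 0; }
        ln -s "$sudo_bin" "$tmpdir/sudoedit"
        out=$("$tmpdir/sudoedit" -s '\' /dev/null 2>&1) || true
        rm -rf "$tmpdir"
    fi
    classify_sudoedit_output "$out"
}

if [ "${1:-}" = "--live" ]; then
    ver=$(installed_sudo_version)
    if [ -n "$ver" ] && sudo_version_is_vulnerable "$ver"; then
        echo "sudo $ver: version in affected range"
    else
        echo "sudo ${ver:-not found}: version not in affected range"
    fi
    echo "sudoedit probe: $(live_sudoedit_probe)"
else
    # Offline demo on constructed version strings (no sudo needed).
    for v in 1.8.1 1.8.31p2 1.8.32 1.9.5p1 1.9.5p2; do
        if sudo_version_is_vulnerable "$v"; then echo "$v: affected"; else echo "$v: not affected"; fi
    done
fi
```

Run it with `--live` to probe the local host; without arguments it only classifies constructed version strings. Treat the two signals together: a vendor build can carry backported fixes under an older version string, so the probe's output is the more reliable of the two, while the version check is what you can run against inventory data without touching each machine.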
Apple's bulletin also lists two vulnerabilities in the Intel Graphics Driver component fixed by the same update. Both could let a malicious application execute arbitrary code with kernel privileges.
Source: Bleeping Computer