Latest macOS Big Sur also has SUDO root privilege escalation flaw

Annoyingly, I only updated my MacBook yesterday…:

Recently discovered Linux SUDO privilege escalation vulnerability, CVE-2021-3156 (aka Baron Samedit) also impacts the latest Apple macOS Big Sur with no patch available yet. […]

To demonstrate the claim, the researcher Matthew Hickey (Hacker Fantastic), the co-founder of Hacker House coded a simplistic Proof-of-Concept (PoC) exploit of under ten lines that can enable standard macOS users to elevate their privileges to root.

CVE-2021-3156 PoC exploit for macOS
CVE-2021-3156 PoC exploit for macOS
Source: Pastebin

PoC exploits for the Baron Samedit vulnerability have also been published for Ubuntu and other Linux distributions.

IBM AIX Unix distros also remain vulnerable to Baron Samedit.

Hickey told BleepingComputer he had reported the vulnerability to Apple but that it is not fixed yet in the most recent macOS Big Sur version 11.2. Hickey further told us that it is not possible for macOS users to upgrade SUDO themselves due to Apple’s System Integrity Protection security feature.


Original Article