Sudo app has patched the vulnerability last week, and Apple delivered an update as well this Monday, February 1, 2021. Hickey's discovery has been independently confirmed by Patrick Wardle, one of the leading macOS experts these days, as well as Will Dormann, a vulnerability analyst from the CERT Coordination Center at the Carnegie Mellon University. New Apple Security Patch Likely to Roll Out Soon "To trigger it, you just have to overwrite argv or create a symlink, which therefore exposes the OS to the same local root vulnerability that has plagued Linux users the last week or so," Hickey said in an interview with the news outlet. The news comes from Matthew Hickey, the co-founder of Hacker House and a security expert, who tested the same Baron Samedit vulnerability and found that the bug could be exploited with just a few modifications that could grant attackers root-level access to Mac devices. Now, it turns out that the latest version of macOS, an Apple-exclusive operating system, also ships with the Sudo app, which means the latest version could also be affected by the root-giving bug exploit. Read Also: Second SolarWinds Chinese Hack Exploits Different Flaw, Allegedly Spying on US Payroll Agency Recent macOS Versions Affected Nevertheless, they also believe there are UNIX-like systems that have been affected. What's even more surprising is that the bug has apparently been around for a decade already as it has been introduced into the Sudo code in July 2011, impacting all Sudo versions to have come out in the past ten years.īased on the report by Qualys researchers last week, they have only tested the bug exploit on Fedora, Ubuntu, and Debian and that the bug would most likely affect BSD, which is an operating system that is often shipped with Sudo. Unfortunately, this could be done easily by infecting the system with malware, or they could brute-force low-privileged service accounts. Attackers don't require much to pull out the attack, as there is only one condition needed to exploit the bug: the attacker should have access to the system they want to hack.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |