A recently discovered heap-based buffer overflow vulnerability in the Linux sudo utility also affects the latest version of Apple macOS Big Sur, with no patch available yet. The bug allows a standard user to execute applications with root privileges. The vulnerability has been patched on the Linux platform, but no fix is yet available for macOS.
Recently, researchers discovered that the privilege escalation vulnerability CVE-2021-3156, also known as Baron Samedit, affects macOS, including the latest available version. By itself, a privilege escalation vulnerability might not be especially dangerous for most users. It could only be exploited if an attacker already has access to your computer, either locally or through a remote shell.

Chained together with one or more other exploits, however, the risk of CVE-2021-3156 could be multiplied. If an attacker exploits another vulnerability to run code as a regular user, then they can trivially run the exploit for CVE-2021-3156 to gain administrative access, allowing them to take complete control of your computer. macOS users are advised to apply updates from Apple as soon as the fix for CVE-2021-3156 is available. In the meantime, try to avoid risky situations. Keep your other software up to date, don't click on dodgy links, don't open email attachments unless you're confident about their origins, disable network services you are not using, and so forth.