Expert Advice On Latest macOS Root Privilege Escalation Flaw

A recently discovered heap-based buffer overflow vulnerability in Linux sudo also impacts the latest version of Apple macOS Big Sur. The bug allows standard users to execute applications with root privileges. It has been patched on Linux, but no fix is yet available for macOS.

Expert Comments

February 04, 2021
Jonathan Knudsen
Senior Security Strategist
Synopsys


Recently, researchers discovered that the privilege escalation vulnerability CVE-2021-3156, also known as Baron Samedit, affects macOS, including the latest available version. By itself, a privilege escalation vulnerability might not be especially dangerous for most users. It could only be exploited if an attacker already has access to your computer, either locally or through a remote shell.

 

Chained together with one or more other exploits, however, the risk of CVE-2021-3156 could be multiplied. If an attacker exploits another vulnerability to run code as a regular user, then they can trivially run the exploit for CVE-2021-3156 to gain administrative access, allowing them to take complete control of your computer. macOS users are advised to apply updates from Apple as soon as the fix for CVE-2021-3156 is available. In the meantime, try to avoid risky situations. Keep your other software up to date, don’t click on dodgy links, don’t click on email attachments unless you’re confident about their origins, disable network services you are not using, and so forth.
