Skip to main content

New Security Vulnerability Affects Current Mac OS Users

By February 18, 2021May 11th, 2022Cybersecurity

Not long ago, a critical flaw in Linux SUDO was discovered and is being tracked as CVE-2021-3156.

Given the nickname “Baron Samedit,” it’s a flaw in a Unix program that allows system admins to provide root level privileges to any users listed in the “sudoers” file.

More disturbing, however, is the fact that just over a week from the time this piece was written, researchers stumbled across the fact that the Sudo privilege escalation also impacts the latest version of macOS, Big Sur 11.2.

Linux developers have already moved to patch the issue in various Linux distros, including Debian, Fedora, and Ubuntu, which are three of the most popular. However, there is currently no fix yet for macOS, and no ETA for when one will be released. Apple has proven to be quite responsive in the face of issues like these, however, so the smart money says it won’t be long.

Security researcher Matthew Hickey put together a simple proof of concept that shows how the exploit works which is standard practice in situations like these, but it does mean that the clock is ticking. Even if the exploit wasn’t being actively used by hackers before, with a step-by-step blueprint in hand, you can bet that it’s just a matter of time.

Matthew Hickey points out that it’s not possible for Mac users to take matters into their own hands and attempt to upgrade SUDO manually because Apple’s System Integrity Protection system prevents this. IBM notes that there is not yet a patch for the AIX Unix distribution at this time, which is one of the few builds, other than macOS that are not yet protected against this flaw. So if you use either of those, be aware that you are facing a period of vulnerability and watch for the fix, which should be released soon.

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over the past 20 years. He believes that having a great work environment and supportive team, is the ultimate key to success. Since being in the IT realm for over 25 years, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor Degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMWare VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.