New Security Vulnerability Affects Current Mac OS Users - Olmec Skip to main content

New Security Vulnerability Affects Current Mac OS Users

By February 18, 2021May 11th, 2022Cybersecurity

Not long ago, a critical flaw in Linux SUDO was discovered and is being tracked as CVE-2021-3156.

Given the nickname “Baron Samedit,” it’s a flaw in a Unix program that allows system admins to provide root level privileges to any users listed in the “sudoers” file.

More disturbing, however, is the fact that just over a week from the time this piece was written, researchers stumbled across the fact that the Sudo privilege escalation also impacts the latest version of macOS, Big Sur 11.2.

Linux developers have already moved to patch the issue in various Linux distros, including Debian, Fedora, and Ubuntu, which are three of the most popular. However, there is currently no fix yet for macOS, and no ETA for when one will be released. Apple has proven to be quite responsive in the face of issues like these, however, so the smart money says it won’t be long.

Security researcher Matthew Hickey put together a simple proof of concept that shows how the exploit works which is standard practice in situations like these, but it does mean that the clock is ticking. Even if the exploit wasn’t being actively used by hackers before, with a step-by-step blueprint in hand, you can bet that it’s just a matter of time.

Matthew Hickey points out that it’s not possible for Mac users to take matters into their own hands and attempt to upgrade SUDO manually because Apple’s System Integrity Protection system prevents this. IBM notes that there is not yet a patch for the AIX Unix distribution at this time, which is one of the few builds, other than macOS that are not yet protected against this flaw. So if you use either of those, be aware that you are facing a period of vulnerability and watch for the fix, which should be released soon.

Chris Forte

Chris Forte, President and CEO of Olmec Systems, has been in the MSP workspace for the past 25 years. Chris earned his Master’s Degree from West Virginia University, graduating Magna Cum Laude. He was a past member of the Entrepreneurs’ Organization, a current member of the New Jersey Power Partners and Executive Association of New Jersey, where he has previously served on its board of directors. In his spare time, Chris enjoys traveling with his family. He also admits to being a struggling golfer and avid watcher of college football and basketball. He currently lives in Boonton Township, NJ with his wife, two daughters, son, and black lab Luna.