Skip to main content

Apple patches Sudo bug in macOS Big Sur 11.2.1, supplemental updates for Catalina and Mojave

Apple today released macOS Big Sur 11.2.1 to the public, alongside supplemental updates for macOS Catalina 10.15.7 and macOS Mojave 10.14.6. In addition to a fix for MacBook Pro charging issues, the update also brings a notable security fix for a Sudo bug that was reported last week.

As we explained last week, the Sudo bug could allow an ordinary user to gain root access to a Mac, though an attacker would also need to combine with malware or a brute-force attack to gain user access in the first place. ZDNet explained the vulnerability:

The vulnerability, disclosed last week as CVE-2021-3156 (aka Baron Samedit) by security researchers from Qualys, impacts Sudo, an app that allows admins to delegate limited root access to other users. Qualys researchers discovered that they could trigger a “heap overflow” bug in the Sudo app to change the current user’s low-privileged access to root-level commands, granting the attacker access to the whole system

Apple says that today’s update to macOS Big Sur 11.2.1, as well as the supplemental updates for macOS Catalina 10.15.7 and macOS Mojave 10.14.6, include a fix for the bug. Apple published the following details on its support website:

  • Available for: macOS Big Sur 11.2, macOS Catalina 10.15.7, macOS Mojave 10.14.6
  • Impact: A local attacker may be able to elevate their privileges
  • Description: This issue was addressed by updating to sudo version 1.9.5p2.
  • CVE-2021-3156: Qualys

The updates to macOS Catalina and macOS Big Sur also include two other security fixes:

Intel Graphics Driver

  • Available for: macOS Big Sur 11.2, macOS Catalina 10.15.7
  • Impact: An application may be able to execute arbitrary code with kernel privileges
  • Description: An out-of-bounds write was addressed with improved input validation.
  • CVE-2021-1805: ABC Research s.r.o. working with Trend Micro Zero Day Initiative

Intel Graphics Driver

  • Available for: macOS Big Sur 11.2, macOS Catalina 10.15.7
  • Impact: An application may be able to execute arbitrary code with kernel privileges
  • Description: A race condition was addressed with additional validation.
  • CVE-2021-1806: ABC Research s.r.o. working with Trend Micro Zero Day Initiative

You can now update your Mac to the latest version of macOS by heading to the Software Update menu in the System Preferences app.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Chance Miller Chance Miller

Chance is the editor-in-chief of 9to5Mac, overseeing the entire site’s operations. He also hosts the 9to5Mac Daily and 9to5Mac Happy Hour podcasts.

You can send tips, questions, and typos to chance@9to5mac.com.

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications