Root Access Sudo Bug Found to Affect macOS Big Sur
A sudo bug that can grant an attacker root access has been discovered to affect macOS Big Sur (via ZDNet).
The security vulnerability, identified last week as "CVE-2021-3156" by the Qualys Security Team, affects sudo, which is a program that allows users to run commands with the security privileges of another user, such as an administrator. The bug triggers a "heap overflow" in sudo that changes the current user's privileges to enable root-level access. This can give an attacker access to the entire system. An attacker would need to gain low-level access to a system first to be able to exploit the bug, such as via planted malware.
Sudo is part of many Unix-like systems, including macOS, but it was initially unknown if the vulnerability affected Mac machines since it was only tested by Qualys on Ubuntu, Debian, and Fedora. Security researcher Matthew Hickey has now confirmed that the most recent version of macOS, macOS Big Sur 11.2 can be subject to the sudo attack.
Last week, there was speculation that the macOS Big Sur 11.2 update may address the sudo vulnerability, though it was not definitively known at the time if the bug would affect macOS. While it was found that sudo was left unchanged in macOS Big Sur 11.2, it is now clear that macOS is affected by the exploit.
With some minor modifications, Hickey found that the sudo bug could be used to grant attackers access to macOS root accounts, and the discovery has now been verified by Carnegie Mellon University vulnerability analyst Will Dormann.
Apple has reportedly been notified of the CVE-2021-3156 vulnerability, and due to the severity of the issue, a patch will likely be released soon.
Popular Stories
Apple is preparing a "bold" new iPhone Pro model for the iPhone's 20th anniversary in 2027, according to Bloomberg's Mark Gurman. As part of what's being described as a "major shake-up," Apple is said to be developing a design that makes more extensive use of glass – and this could point directly to the display itself.
Here's the case for Apple releasing a truly all-screen iPhone with no...
While the iPhone 17 Pro and iPhone 17 Pro Max are not expected to launch until September, there are already plenty of rumors about the devices.
Below, we recap key changes rumored for the iPhone 17 Pro models as of April 2025:
Aluminum frame: iPhone 17 Pro models are rumored to have an aluminum frame, whereas the iPhone 15 Pro and iPhone 16 Pro models have a titanium frame, and the iPhone ...
The first iOS 19 beta is less than two months away, and there are already a handful of new features that are expected with the update.
Apple should release the first iOS 19 beta to developers immediately following the WWDC 2025 keynote, which is scheduled for Monday, June 9. Following beta testing, the update should be released to the general public in September.
Below, we recap the key...
If you have been experiencing issues with wireless CarPlay in your vehicle lately, it was likely due to a software bug that has now been fixed.
Apple released iOS 18.4.1 today, and the update's release notes say it "addresses a rare issue that prevents wireless CarPlay connection in certain vehicles."
If wireless CarPlay was acting up for you, updating your iPhone to iOS 18.4.1 should...
Apple's iPhone development roadmap runs several years into the future and the company is continually working with suppliers on several successive iPhone models simultaneously, which is why we often get rumored features months ahead of launch. The iPhone 17 series is no different, and we already have a good idea of what to expect from Apple's 2025 smartphone lineup.
If you skipped the iPhone...
Apple may have updated several iPads and Macs late last year and early this year, but there are still multiple new devices that we're looking forward to seeing in 2025. Most will come in September or October, but there could be a few surprises before then.
We've rounded up a list of everything that we're still waiting to see from Apple in 2025.
iPhone 17, 17 Air, and 17 Pro - We get...
Apple today released iOS 18.4.1 and iPadOS 18.4.1, minor updates to the iOS 18 and iPadOS 18 operating systems that came out last September. iOS 18.4.1 and iPadOS 18.4.1 come two weeks after the launch of iOS 18.4 and iPadOS 18.4.
The new software can be downloaded on eligible iPhones and iPads over-the-air by going to Settings > General > Software Update.
There have been complaints about ...
Apple today updated its vintage products list to add the 2018 Mac mini and the iPhone 6s, devices that will get more limited service and repairs now that they are considered vintage.
The iPhone 6s initially launched in 2015, but Apple kept it around as a low-cost device until 2018, which is why it is only now being added to the vintage list. The iPhone 6s had Apple's A9 chip, and it was...
Apple today released macOS Sequoia 15.4.1, a minor update to the macOS Sequoia operating system that launched in September. macOS Sequoia 15.4.1 comes two weeks after the launch of macOS Sequoia 15.4.
Mac users can download the macOS Sequoia update through the Software Update section of System Settings. It is available for free on all Macs able to run macOS 15.
According to...
