UPDATED 22:13 EST / FEBRUARY 03 2021

SECURITY

Linux root exploit vulnerability found to also affect macOS

A recently discovered root exploit vulnerability in Linux has been found to affect Apple Inc.’s macOS as well.

The vulnerability allows an attacker to trigger a so-called heap overflow in Sudo, a program for Unix-like computer operating systems. Sudo allows users to run programs with the security privileges of another user, and the flaw lets an attacker abuse that to gain access to other accounts on the operating system to which they shouldn’t otherwise have access.

Researchers at Qualys Inc. first identified the vulnerability Jan. 26 and said that they had found it in Ubuntu 20.04 (Sudo 1.8.31), Debian 10 (Sudo 1.8.27) and Fedora 33 (Sudo 1.9.2), but also noted that it may affect other operating systems. Matthew Hickey, the co-founder of Hacker House, has since discovered that the vulnerability also affects macOS Big Sur, demonstrating Tuesday on Twitter how he was able to exploit it.

“To trigger it, you just have to overwrite argv[0] or create a symlink, which therefore exposes the OS to the same local root vulnerability that has plagued Linux users the last week or so,” Hickey told ZDNet today.

MacOS has its roots in Unix and includes Sudo support, which is why it’s also vulnerable. Exactly how many versions of macOS are vulnerable, however, is unknown. The Sudo vulnerability itself is believed to have existed for at least 10 years before being discovered. That means that potentially macOS versions going back as far as OS X 10.7 Lion, released in 2011, or even earlier versions may also be exposed to the vulnerability.

Apple has so far not commented on the report. Linux distributors are in the process of patching the vulnerability and it’s likely that Apple will follow suit.

“By itself, a privilege escalation vulnerability might not be especially dangerous for most users,” Jonathan Knudsen, a technical evangelist at electronic design automation company Synopsys Inc., told SiliconANGLE. “It could only be exploited if an attacker already has access to your computer, either locally or through a remote shell.”

Chained together with one or more other exploits, though, that risk could be multiplied, he added. “If an attacker exploits another vulnerability to run code as a regular user, then they can trivially run the exploit for CVE-2021-3156 to gain administrative access, allowing them to take complete control of your computer,” he said.

MacOS users should apply updates from Apple as soon as the fix for the vulnerability is available, he advised. “In the meantime, try to avoid risky situations,” he said. “Keep your other software up to date, don’t click on dodgy links, don’t click on email attachments unless you’re confident about their origins, disable network services you are not using and so forth.”
