Become a MacRumors Supporter for $25/year with no ads, private forums, and more!

MacRumors

macrumors bot
Original poster
Apr 12, 2001
56,944
19,774


The macOS Big Sur 11.2.1 update that Apple released today fixes a sudo security vulnerability that could allow an attacker to gain root access to a Mac.

sudo-bug-macos.jpg

According to an Apple security support document, the bug, CVE-2021-3156, was addressed in the update by updating to sudo version 1.9.5p2. Apple has also fixed the bug in Supplemental Updates made available for macOS Catalina 10.15.7 and macOS Mojave 10.14.6.

The updates also include fixes for two bugs that could allow an app to execute arbitrary code with kernel privileges.

Discovered last week, the vulnerability triggers a "heap overflow" in sudo that changes the current user's privileges to enable root-level access, giving an attacker access to the entire system.


Article Link: macOS Big Sur 11.2.1 Fixes Root Access Sudo Bug
 
  • Like
Reactions: Morod and benshive

macrtist67

macrumors newbie
Jul 23, 2002
3
1


The macOS Big Sur 11.2.1 update that Apple released today fixes a sudo security vulnerability that could allow an attacker to gain root access to a Mac.

sudo-bug-macos.jpg

According to an Apple security support document, the bug, CVE-2021-3156, was addressed in the update by updating to sudo version 1.9.5p2. Apple has also fixed the bug in Supplemental Updates made available for macOS Catalina 10.15.7 and macOS Mojave 10.14.6.

The updates also include fixes for two bugs that could allow an app to execute arbitrary code with kernel privileges.

Discovered last week, the vulnerability triggers a "heap overflow" in sudo that changes the current user's privileges to enable root-level access, giving an attacker access to the entire system.


Article Link: macOS Big Sur 11.2.1 Fixes Root Access Sudo Bug
Hoping & praying that a fix will come to allow my MBP to work off the battery....as soon as I updated to Big Sur...my battery says 1% contact service...now it only works when its plugged in....so much for portability :)
 
  • Disagree
Reactions: lkrupp

neuropsychguy

macrumors 68000
Sep 29, 2008
1,716
3,548
Last edited:

Realityck

macrumors 601
Nov 9, 2015
4,393
6,049
Silicon Valley, CA
Terrific if it also fixes that sudo security vulnerability besides the issue that could prevent the battery from charging in some 2016 and 2017 MacBook Pro models. :cool:
 

TriBruin

macrumors 6502
Jul 28, 2008
338
717
Now if it could just come standard with allowing us to use TouchID instead of typing our password.

You know that you can enable this feature. Unfortunately, it has to be re-enabled after each update.

 

svanstrom

macrumors 6502a
Feb 8, 2002
787
1,740
??
You know that you can enable this feature. Unfortunately, it has to be re-enabled after each update.
Yup; I tend to get around to doing that only after getting annoyed a bit after every update, though. ?

Edit:
Image 2021-02-09 at 21.10.jpg
 
Last edited:

vysyus

macrumors newbie
Jan 27, 2008
17
6
Anyone else having kernel panics when installing? Tried twice already on my MacBook Pro 16. Fortunately, it boots back to 11.2
 

Robert.Walter

macrumors 68020
Jul 10, 2012
2,388
3,042
Hoping & praying that a fix will come to allow my MBP to work off the battery....as soon as I updated to Big Sur...my battery says 1% contact service...now it only works when its plugged in....so much for portability :)
With a battery issue like that, sounds more like Bug Sur. ?
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.