Become a MacRumors Supporter for $25/year with no ads, private forums, and more!

MacRumors

macrumors bot
Original poster
Apr 12, 2001
52,098
13,723


The macOS Big Sur 11.2.1 update that Apple released today fixes a sudo security vulnerability that could allow an attacker to gain root access to a Mac.

sudo-bug-macos.jpg

According to an Apple security support document, the bug, CVE-2021-3156, was addressed in the update by updating to sudo version 1.9.5p2. Apple has also fixed the bug in Supplemental Updates made available for macOS Catalina 10.15.7 and macOS Mojave 10.14.6.

The updates also include fixes for two bugs that could allow an app to execute arbitrary code with kernel privileges.

Discovered last week, the vulnerability triggers a "heap overflow" in sudo that changes the current user's privileges to enable root-level access, giving an attacker access to the entire system.


Article Link: macOS Big Sur 11.2.1 Fixes Root Access Sudo Bug
 
  • Like
Reactions: Morod and benshive

macrtist67

macrumors newbie
Jul 23, 2002
3
1


The macOS Big Sur 11.2.1 update that Apple released today fixes a sudo security vulnerability that could allow an attacker to gain root access to a Mac.

sudo-bug-macos.jpg

According to an Apple security support document, the bug, CVE-2021-3156, was addressed in the update by updating to sudo version 1.9.5p2. Apple has also fixed the bug in Supplemental Updates made available for macOS Catalina 10.15.7 and macOS Mojave 10.14.6.

The updates also include fixes for two bugs that could allow an app to execute arbitrary code with kernel privileges.

Discovered last week, the vulnerability triggers a "heap overflow" in sudo that changes the current user's privileges to enable root-level access, giving an attacker access to the entire system.


Article Link: macOS Big Sur 11.2.1 Fixes Root Access Sudo Bug
Hoping & praying that a fix will come to allow my MBP to work off the battery....as soon as I updated to Big Sur...my battery says 1% contact service...now it only works when its plugged in....so much for portability :)
 
  • Disagree
Reactions: lkrupp
Comment

neuropsychguy

macrumors 65816
Sep 29, 2008
1,443
2,514
Last edited:
Comment

Realityck

macrumors 65816
Nov 9, 2015
1,251
1,576
Silicon Valley, CA
Terrific if it also fixes that sudo security vulnerability besides the issue that could prevent the battery from charging in some 2016 and 2017 MacBook Pro models. :cool:
 
Comment

TriBruin

macrumors regular
Jul 28, 2008
222
477
Now if it could just come standard with allowing us to use TouchID instead of typing our password.

You know that you can enable this feature. Unfortunately, it has to be re-enabled after each update.

 
Comment

svanstrom

macrumors 6502a
Feb 8, 2002
787
1,723
🇸🇪
You know that you can enable this feature. Unfortunately, it has to be re-enabled after each update.
Yup; I tend to get around to doing that only after getting annoyed a bit after every update, though. 😆

Edit:
Image 2021-02-09 at 21.10.jpg
 
Last edited:
Comment

vysyus

macrumors newbie
Jan 27, 2008
13
4
Anyone else having kernel panics when installing? Tried twice already on my MacBook Pro 16. Fortunately, it boots back to 11.2
 
Comment

Robert.Walter

macrumors 68000
Jul 10, 2012
1,676
1,856
Hoping & praying that a fix will come to allow my MBP to work off the battery....as soon as I updated to Big Sur...my battery says 1% contact service...now it only works when its plugged in....so much for portability :)
With a battery issue like that, sounds more like Bug Sur. 😊
 
Comment
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.