Attacker would need to have login on the machine.
It's a bug that elevates privileges.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Root Access Sudo Bug Found to Affect macOS Big Sur
- Thread starter MacRumors
- Start date
- Sort by reaction score
It's a bug that elevates privileges.
This has been one of my favorites.
Doesn't work with my wife.
Not exhaustively; static analysis and run-time analysis tools do exist; but they have limitations.
Can someone please explain the 'root' cause of this? 😄
Used to use this to gain root access on work computers over a decade ago. Then I got fired. Live and learn.
Yes, you can delete su but it's better just to get the patch. Removing su could break other software on your computer so only do it if you're really sure what you're doing. Sudo can also be removed but I don't recommend it either.
Example: https://unix.stackexchange.com/questions/426012/how-do-you-uninstall-the-sudo-command
macOS security is top notch, pretty sure you need to input your password for most malware hacks, not all though so theoretically...yes.
Last edited:
Thanks for the link. I agree that the patch is best, but what do you do while awaiting the patch? And, since this impacts all older versions of macOS what about machines running OSs that are no longer patched? Upgrading to get patched isn't always an option.
Sigh ... if I must. The "root" cause is someone can "administer" themselves as an "owner" making them a PsEudo god with "permissions". It's like "hosting" an "A+ WRX", it's fun but very dangerous in the wrong hands behind the "wheel".
Damn it, I'm such a nerd.
Except that Apple's care and updating of its BSD core is non-existent. If they were routinely updating to the latest, scanning for vulnerabilities, etc. then yeah they should get a pass. But they don't and so Apple should get all the blame.
Mojave and Catalina are both affected as well.
It is fascinating that, despite the three RCs for 11.2, Apple did not care enough to update sudo to a patched version. Can someone with more knowledge explain? Am I missing something here?
The headline and article summary only mention Big Sur. That is absolutely terrible and irresponsible writing from MacRumors.com. It will give Mac users that are not on Big Sur a false sense of security.
I already use some system-level utilities from MacPorts in place of the macOS versions (like rsync). I wonder if they have fixed versions of su and sudo (whichever one is the problem) that could be used to replace the macOS versions until the Apple patch comes out. Or, in the case of older OS versions, forever.
Yeah.
Poor reporting on MacRumors' part.
If you read the ZDNet article that is listed as the source (Link), which was written today, you'll see that "
A British security researcher has discovered today that a recent security flaw in the Sudo app also impacts the macOS operating system, and not just Linux and BSD, as initially believed."
So, the flaw was discovered last week. But they didn't know if macos was affected or not since the researchers who initially found the bug only tested a few Linux distributions. A different researcher confirmed today (2/3/21) that macos is also affected.
Also, according to that same article, "The researcher said he notified Apple of the issue earlier today."
So, Apple was only notified today about the flaw. So they could not have patched the vulnerability earlier than that. And the original researchers who discovered the flaw in the first place probably didn't make Apple aware of the vulnerability before today either.
Yeah.
Poor reporting on MacRumors' part.
If you read the ZDNet article that is listed as the source (Link), which was written today, you'll see that "
A British security researcher has discovered today that a recent security flaw in the Sudo app also impacts the macOS operating system, and not just Linux and BSD, as initially believed."
So, the flaw was discovered last week. But they didn't know if macos was affected or not since the researchers who initially found the bug only tested a few Linux distributions. A different researcher confirmed today (2/3/21) that macos is also affected.
Also, according to that same article, "The researcher said he notified Apple of the issue earlier today."
So, Apple was only notified today about the flaw. So they could not have patched the vulnerability earlier than that. And the original researchers who discovered the flaw in the first place probably didn't make Apple aware of the vulnerability before today either.
I am glad this has come to light. I am not overly concerned as I practice safe computing and don't download unknown files. Most of what I download is from the App Store or videos.
As a trillion dollar company, this is something Apple should have been aware of, regardless. ZDNet does not reside in some dark corner of the Internet. It's a major news publication site for their industry. Shotty work.
