Apple finally patches this dangerous macOS security flaw

Mac users are safe once more

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Applehas patched the critical vulnerability affecting theSudoapplication on macOS devices. Although an update had already been released for the other affected operating systems, themacOS versionof the security bug remained exploitable until now.

The sudo app is used by administrators to grant root access to other users. However, earlier this month, it was discovered that it was vulnerable to a privilege escalation attack that would allow a low-privilege user to gain root-level access either by injecting malware or carrying out a brute force attack.

Initially, it was believed that this sudo vulnerability only affected Linux and BSDoperating systemsbut researcher Matthew Hickey then discovered that the bug, tracked asCVE-2021-3156, could be exploited on mac devices as well with just a few minor tweaks.

Priority patches

However, it hasn’t taken long for Apple to patch the SudomacOS application. A security update for macOS Big Sur 11.2, macOS Catalina 10.15.7, and macOS Mojave 10.14.6 is now available and should be applied as a priority.

Individuals with devices running the sudo app that want to check whether they are at risk from the CVE-2021-3156 vulnerability, whether they are running Linux, macOS, or BSD operating systems, can run the command “sudoedit -s /”. If the system remains vulnerable, it will respond with an error message starting with “sudoedit:” while a patched system will respond with an error that starts with “usage:”.

In addition to patching the sudo vulnerability, fans ofApple antivirusnews will be pleased to hear that the new security update also fixes two arbitrary code execution flaws affectingIntelgraphics drivers.

ViaBleeping Computer

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Barclay has been writing about technology for a decade, starting out as a freelancer with ITProPortal covering everything from London’s start-up scene to comparisons of the best cloud storage services.  After that, he spent some time as the managing editor of an online outlet focusing on cloud computing, furthering his interest in virtualization, Big Data, and the Internet of Things.

Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics

This new phishing strategy utilizes GitHub comments to distribute malware

Arcane season 2 finally gave us the huge Caitlyn and Vi moment we’ve been waiting for – and its creators say ‘we couldn’t have done it in season one’