A decade-old flaw found in the Sudo tool could lead to root access on Unix-based systems, including macOS Big Sur and earlier versions.
In January, security researchers disclosed a new vulnerability that can affect Unix-based operating systems. The exploit is identified as CVE-2021-3156, heap-based buffer overflow in Sudo. The exploit appears similar to a previously patched flaw called CVE-2019-18634.
The researchers at Qualys identified the exploit in Ubuntu 20.04 (Sudo 1.8.31), Debian 10 (Sudo 1.8.27), and Fedora 33 (Sudo 1.9.2). They say it can affect other operating systems and distributions running the affected version of Sudo. All legacy versions from 1.8.2 to 1.8.31p2 and all stable versions from 1.9.0 to 1.9.5p1 are affected.
The researchers note that users will need access to the computer to run the exploit. The exploit has existed for at least 10 years, however this is the first known documentation of it.
Read more at AppleInsider.com