Over the years, we've seen a number of scary Linux-based exploits make the spotlight. Just a few days ago, when the researchers over at Qualys disclosed a privilege escalation vulnerability in the "sudo" program, they predicted that the bug might impact other operating systems of the Unix family. Well, they were right: security researcher Matthew Hickey has confirmed that the CVE-2021-3156 vulnerability (AKA "Baron Samedit") can easily be adapted to gain root access on Apple macOS.

The underlying foundation of macOS is based on Darwin, which itself uses various elements of the FreeBSD operating system. Therein lies the problem, as common Unix utilities such as sudo and sudoedit are consequently present out-of-the-box in a vanilla macOS installation. What's problematic about this revelation is that an official fix is not yet available from Apple. That means even the new ARM-based M1 Macs are vulnerable to the attack vector.

Unlike on regular Linux distributions, macOS users have no straightforward way to replace the system's sudo binary with a patched one because of Apple's System Integrity Protection feature. Keep in mind that even applying Apple's latest security update (released on February 1), which consists of macOS Big Sur 11.2, Security Update 2021-001 Catalina, and Security Update 2021-001 Mojave, isn't enough to remediate the vulnerability. As a result, the whole macOS ecosystem still remains vulnerable to Baron Samedit.

We hope Apple publicly acknowledges the serious issue and is transparent in its plans to fix it. Apart from macOS, CVE-2021-3156 also impacts the latest versions of IBM AIX and Solaris, making it one of the most catastrophic local privilege escalation vulnerabilities discovered to date.