Linux and macOS PCs hit by serious Sudo vulnerability
Sudo scare part deux, as another flaw is found by an Apple security expert
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Linux andmacOSsystems have been hit by a nasty little bug in the Sudo utility, although the good news is it has already been patched.
Sudo is a tool that provides a specified user permissions above their normal levels, including root (administrative) access, but by leveraging this security flaw, it’s possible a low-privileged user (or malware) could get unauthorized root access, and thus potentially wreak all sorts of havoc on the host system.
AnApplesecurity expert, Joe Vennix, discovered the bug, and it’s not the first he has pinned down. Back in October 2019, Vennix drew attention toanother Sudo flaw that potentially allowed any user to run commands as root.
Memory problems
The fresh vulnerability (codenamed CVE-2019-18634) relates to Sudo incorrectly handling memory operations when the ‘pwfeedback’ option is enabled in the Sudoers configuration file, asThe Hacker Newsreports. Essentially, when a password is requested, this security measure can be bypassed via a large input that triggers a buffer overflow.
Now, it’s often the case that pwfeedback isn’t enabled by default, but someoperating systemdo have it active off-the-bat in Sudo – for example Linux Mint.
Further note that the buffer overflow flaw only affects Sudo versions previous to 1.8.26. Sudo has already been patched to defend against the exploit with version 1.8.31 (versions 1.8.26 onwards are safe anyway, as the result of another previous change – even though the bug is still present, it can’t actually be leveraged).
Apple also released a patch for macOS on January 28 to fix the problem, and it’s available for macOS High Sierra 10.13.6, Mojave 10.14.6, and Catalina 10.15.2.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
ViaApple Insider
Darren is a freelancer writing news and features for TechRadar (and occasionally T3) across a broad range of computing topics including CPUs, GPUs, various other hardware, VPNs, antivirus and more. He has written about tech for the best part of three decades, and writes books in his spare time (his debut novel - ‘I Know What You Did Last Supper’ - was published by Hachette UK in 2013).
A new form of macOS malware is being used by devious North Korean hackers
Scammers are using fake copyright infringement claims to hack businesses
This super-cheap HP Victus 15 gaming laptop just dropped to its lowest price yet
