Sudo vulnerability also affects macOS
Security researcher Matthew Hickey found that a previously identified vulnerability (CVE-2021-3156) in the Sudo utility also affects macOS, not just Linux and BSD as originally thought.
The buffer overflow vulnerability, identified as CVE-2021-3156 and named Baron Samedit, has existed in Sudo since July 2011 and affects all versions of the utility released over the past ten years.
It is now known that the issue also affects the latest version of macOS, because the OS ships with Sudo. According to Hickey, the vulnerability could be used to give attackers access to macOS root accounts. Hickey reported that the problem could be exploited in the latest version of macOS.
In addition, other researchers found that the vulnerability could also be exploited on IBM AIX systems.
Source: securitylab.ru
04 February 2021