Apple has fixed a sudo vulnerability in macOS Big Sur, Catalina, and Mojave that allowed any local user to gain root-level privileges.

Last month, security researchers at Qualys disclosed the sudo vulnerability CVE-2021-3156, aka Baron Samedit, a heap-based buffer overflow in sudo's command-line argument handling that allowed them to gain root privileges on multiple Linux distributions, including Debian, Ubuntu, and Fedora 33.

The sudo contributors fixed the vulnerability before the researchers disclosed it. However, Matthew Hickey (Hacker Fantastic), the co-founder of Hacker House, discovered that the vulnerability still affected a fully patched macOS Big Sur installation.

Today, Apple released security updates for macOS Big Sur 11.2.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6 that fix the sudo vulnerability.
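A quick way to check whether the sudo on a given Mac (or Linux host) is still affected, as an added example that is not part of this article: the probe is the harmless `sudoedit -s /` test that Qualys published with its advisory. A vulnerable sudo accepts the `-s` flag in sudoedit mode and fails later with "not a regular file"; a fixed sudo rejects the flag combination and prints its usage message. The function names and the `--live` switch are my own choices for this example.

```shell
#!/bin/sh
# Added example (not the article's or Apple's code): classify the
# output of the Qualys-published CVE-2021-3156 probe `sudoedit -s /`.
# The probe is a detection check, not an exploit: it runs without a
# password prompt and changes nothing on the host.

# Pure classifier so the logic can be tested offline on captured output.
classify_sudoedit_output() {
    case "$1" in
        # Vulnerable builds reach the file-open stage and complain about "/".
        *"not a regular file"*) echo vulnerable ;;
        # Fixed builds refuse "-s" in sudoedit mode and print usage instead.
        *"usage: sudoedit"*) echo patched ;;
        # Anything else (no sudoedit, different error): do not guess.
        *) echo unknown ;;
    esac
}

# Live probe against the current host. sudo prints both messages to
# stderr, hence 2>&1; "|| true" keeps a non-zero exit from aborting.
probe_sudo() {
    out=$(sudoedit -s / 2>&1 </dev/null || true)
    classify_sudoedit_output "$out"
}

# Only touch the real sudo when explicitly asked, e.g. `sh check.sh --live`.
if [ "${1:-}" = "--live" ]; then
    printf 'sudo version:        %s\n' "$(sudo --version 2>/dev/null | head -n 1)"
    printf 'CVE-2021-3156 probe: %s\n' "$(probe_sudo)"
fi
```

On macOS the relevant fix arrives with the operating-system security update rather than a standalone sudo package, so the probe result is a more direct signal than comparing version strings; on Linux distributions, a result of `patched` should line up with the vendor's backported sudo package.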

Apple patch notes

Hickey has confirmed to BleepingComputer that the latest Apple security updates fix the vulnerability and that Apple users should apply the update as soon as possible.

“Everyone should apply this update as a priority as attackers have had over a week to work on their attacks. This update addresses the vulnerability which could be used to execute code with root privileges,” Hickey told BleepingComputer.

In addition to the sudo fix, today’s updates also fix two arbitrary code execution vulnerabilities in Intel graphics drivers.

Due to the severity of the vulnerabilities, it is strongly advised that macOS users install the security updates as soon as possible.