Apple has fixed a serious security flaw that threatens all supported versions of macOS, one week after the flaw was made public.
The vulnerability, detailed in a February 3 report, allows remote attackers or malware to completely take over the system. The attacker or malware would first have to access the Mac using some other method, which is not that difficult.
To update your Mac, click on the Apple icon in the upper left corner of the desktop screen and select System Preferences from the drop-down menu. Next, click on the Software Update icon on the selection screen. A notification may appear letting you know that a new update is available.
Once the update is complete, you should be running macOS Big Sur 11.2.1, macOS Catalina 10.15.7, or macOS Mojave 10.14.6. If you are running macOS High Sierra 10.13 or earlier, you have an older version that does not fix this very serious flaw, and it is time to upgrade to a newer version of macOS.
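For anyone checking more than one Mac, the version check above can be scripted; the following is an added example, not part of the original article, that classifies a macOS version string against the releases listed. The function names and status labels are hypothetical, and the note on Catalina and Mojave is an assumption from outside the article.

```shell
#!/bin/sh
# Added example (not from the article). Function names and status labels
# are hypothetical; the version numbers are the ones the article lists.

# ver_ge A B: succeed when dotted version A >= B, compared numerically.
ver_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$a" = "$x" ]; then a=""; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=""; else b=${b#*.}; fi
        x=${x:-0}; y=${y:-0}
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
    done
    return 0
}

# classify_macos VERSION: print one status word for a product version.
classify_macos() {
    v=$1
    case $v in
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;;
    esac
    major=${v%%.*}
    case $v in *.*) rest=${v#*.}; minor=${rest%%.*} ;; *) minor=0 ;; esac
    if [ "$major" -ge 11 ]; then
        # Big Sur and later: the version number itself shows the fix.
        if ver_ge "$v" 11.2.1; then echo patched; else echo update-needed; fi
    elif [ "$major" -lt 10 ] || [ "$minor" -le 13 ]; then
        # High Sierra 10.13 or earlier: no fix, upgrade macOS.
        echo unsupported
    elif { [ "$minor" -eq 15 ] && ver_ge "$v" 10.15.7; } ||
         { [ "$minor" -eq 14 ] && ver_ge "$v" 10.14.6; }; then
        # Assumption from outside the article: on Catalina and Mojave the fix
        # arrived as a security update that kept the version number, so
        # confirm it under Software Update rather than trusting the number.
        echo verify-security-update
    else
        if [ "$minor" -le 15 ]; then echo update-needed; else echo unknown; fi
    fi
}

# On a Mac, classify the running system; on other systems this is skipped.
if command -v sw_vers >/dev/null 2>&1; then
    classify_macos "$(sw_vers -productVersion)"
fi
```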
The vulnerability, dubbed "Baron Samedit" by its discoverers, involves the "sudo" command found in almost all Unix-derived operating systems, including macOS and Linux.
Sudo temporarily grants full system access, or "root," to a user who already has administrative privileges. With root, the user can make almost any change to the operating system, and even administrative users usually do not have those privileges. Ordinary users without administrative privileges do not normally have access to sudo.
Baron Samedit, first disclosed for Linux in late January, circumvents this privilege hierarchy. It allows users without administrator privileges to obtain root without using an administrator password. Thus, an e-mail attachment or web link opened by a non-administrative user could potentially hijack a machine.
Major Linux distributions fixed this vulnerability before it became public knowledge. However, while it initially appeared that macOS was immune to the Baron Samedit flaw, a security researcher soon discovered a simple workaround that allowed the flaw to be exploited on Macs as well.