Nasty Linux, macOS sudo bug found and fixed


A vulnerability has been discovered in Sudo, a powerful utility used in the Linux and macOS Terminal. The flaw could allow users with restricted privileges, or malicious software, to run commands with administrative-level privileges, which could result in the loss or theft of user data on unpatched Macs. According to sudo developer Todd C. Miller, the bug can be observed “by passing a large input to sudo via a pipe when it prompts for a password.” Because the attacker has “complete control of the data used to overflow the buffer,” there is a “high likelihood of exploitability.”

[Source: AppleInsider/ZDNet]