macOS

Originally discovered in Linux, this is a flaw in the sudo command (CVE-2021-3156), which allows other commands to be executed with full rights, and also affects Mac security using a method called heap overflow which attacks the cache, Qualys researchers discovered how to use sudo without password to gain computer administrator rights

The vulnerability has been around for at least 10 years, but it was only recently discovered to be exploited. It requires system access, which limits direct risks, even if the villain can rely on the installation of malware to achieve his goals. buts.

According to ZDNet reports, Many security researchers have confirmed flaws in Mac devices (Intel et Apple Silicon), including macOS Big Sur 112 released this week after contacting the site, Apple declined to comment, but we imagine the fix is ​​Ongoing Configuration

To be boring: Linux is a kernel, sudo is a command found in many Unix-like distributions but not in all Linux kernel-based distributions 🤓😉

Joking aside on the name of the operating system is almost a political question, and I'm a GNU fan. / Linux, Richard Stallman vit 😃😉

It's always impressive to have a buffer overflow to control this level of sensitivity and it's relatively old. 🤯

@ YetOneOtherGit: “In the world of Unix, sudo is a relatively new thing 😉
The very old in this universe is really the oldest »

The widespread use of sudo in Linux distributions (sorry, “GNU / Linux”) is relatively recent but Sudo itself is forty years old (like many things, luckily he didn't wait for Linux), what does not. didn't make him a young man, even in the Unix world

But then, it is true that this defect is relatively recent with all this
Who knows ? We could one day discover a vulnerability that has existed since the first versions of sudo 🙂

Buildings certainly are, but they remained very marginal in all Unix families until at least in the years 1990

@ YetOneOtherGit: “The building is indeed, but it remained very marginal in all Unix families until at least the 1990s”

It was mainly on BSD, but it was there and so it is not “relatively new” 😛 😀

I have a very fuzzy memory because it has already been used in NeXTStep, but it is very likely that I am involved in something else

“It was mainly on BSD, but it exists and therefore it is not” relatively new ” 😛 😀 “

I was using Sun OS which was BSD and I don't have sudo memory as standard (I still have the classification block in the basement where all human content is printed) there I have to check it

“But then, it is true that this defect is relatively recent with all this”

Yes, and here is one of the pbs: few people can care about the safety of an essential and reliable tool

The case of entering the session password also arose when pressing the delete key 28 or 29 time (or something like that), MacGe mentioned it some time ago

No risk of this kind of defect for the moment! Fortunately with Covid-19, the majority of thugs find it difficult to distance themselves socially

Physics is about getting away from people. Anyway, you only need to see a section for sale to see that it is not
Only our loved ones are far from them, therefore social relations seem fairer.

Really?
Remember the 6 January: a group of rabid thugs stormed the Capitol building, apparently social distancing was their least feared.
They did not hesitate to confiscate the computers that came into their hands.

What, by the way, brings a new color to the concept of attack by “force brute”

With the concept of protection against stupidity, the mass of his nut with his face exposed was an ode to Darwinism 😉

It is really time to remove the most controlled programs written in C and replace them with an unsafe language

Can you develop for beginners like me?
It's pretty sure what I've always heard

Non, It is not at all safe from a memory management point of view
Simply because the tools he provides for this are very basic and almost all of this management is the responsibility of the developer, who suddenly has a lot of freedom and who is paid with a lot of responsibility.
As long as you do not run out of memory allocated for the process, you can read and write anything anywhere without being reminded of the request.

This has created countless problems for decades at best, you end up with a crash process (because he ended up trying to access memory outside of its allocated space) In the worst case, we have a security hole like this , or data corruption

Most recently created programming languages ​​have used a more sophisticated approach to memory management., offering more protection against programming errors of this type
But there is a lot of C code written every day, which is constantly updated So we have not finished seeing this kind of problem

I can only agree with you on these results, and by God I produced volumes of C

I am amazed to discover that unfortunately many young people still see C as a sacred cup imagined with an aura made of myths

It's not spit on K&R nor on the language that has accompanied me for a long time

CCPAP recognized online press service number 0924 W 93490 All rights reserved

Version 13 Reset private data settings

sudo, macOS, Apple, THE, Computer, Macintosh, Linux

News – FR – A bug in sudo allows controlling a Mac

Source: https://www.macg.co/macos/2021/02/une-faille-dans-sudo-permet-de-prendre-le-controle-du-mac-119455

Building on its expertise in the areas of digital, technologies and processes , CSS Engineering you in your most ambitious transformation projects and helps you bring out new ideas, new offers, new modes of collaboration, new ways of producing and selling.

CSS Engineering is involved in projects each customer as if it were his own. We believe a consulting company should be more than an advisor. We put ourselves in the place of our customers, to align we incentives to their goals, and collaborate to unlock the full potential their business. This establishes deep relationships and enjoyable.

Our services:

  1. Create professional websites
  2. Hosting high performance and unlimited
  3. Sale and video surveillance cameras installation
  4. Sale and Installation of security system and alarm
  5. E-Marketing

All our achievements here https://www.css-engineering.com/en/works/