Resolved LPE in Endpoint for MacOS (CVE-2021-25264)

Voltar à Visão geral dos comunicados de segurança
High
CVE
CVE-2021-25264
Updated:
Produto(s)
Intercept X Endpoint
ID da publicação sophos-sa-20210507-ix-macos-lpe
Versão do artigo 1
Primeira publicação
Solução alternativa No

Overview

A local privilege escalation vulnerability in Sophos Endpoint products for MacOS was recently discovered and responsibly disclosed to Sophos. It was reported via the Sophos bug bounty program by an external security researcher. The vulnerability has been fixed.

Sophos would like to thank Csaba Fitzl (@theevilbit) of Offensive Security for responsibly disclosing this issue to Sophos.

The remediation prevented local users from executing arbitrary code with administrator privileges. There was no evidence that the vulnerability was exploited and to our knowledge no customers are impacted.

There is no action required for customers, as updates are installed automatically by default.

Applies to the following Sophos product(s) and version(s)

  • Sophos Intercept X Endpoint (Central) for MacOS version 10.0.3 and prior versions
  • Sophos Intercept X Endpoint (OPM) for MacOS version 9.10.1 and prior versions
  • Sophos Home for MacOS version 10.0.3 and prior versions

Remediation

  • Fix included in Intercept X Endpoint (Central) for MacOS version 10.0.4 released March 4, 2021
  • Fix included in Intercept X Endpoint (OPM) for MacOS version 9.10.2 released March 4, 2021
  • Fix included in Sophos Home for MacOS version 10.0.4 released May 4, 2021

Related Information

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25264