Anyone can hack your Mac unless you patch it now — here's how
The flaw lets hackers get full system control, but you can fix it
Apple has fixed a severe security flaw that threatened all supported versions of macOS, one week after the flaw was publicly disclosed.
The vulnerability, detailed in our report on February 3, permits full system takeover by remote attackers or malware. The attackers or malware would first have to use other methods to gain access to a Mac, but that's not as hard as it sounds.
To update your Mac, click the Apple icon at the top left of your desktop screen and select System Preferences from the drop-down menu. Then click the Software Update icon in the selection screen. You may also get notifications that a new update is available.
After the update is finished, you should be running macOS Big Sur 11.2.1, macOS Catalina 10.15.7 or macOS Mojave 10.14.6. If you're running macOS High Sierra 10.13 or earlier, it's time to upgrade to a newer version of macOS, because the older versions aren't getting a fix for this very serious flaw.
Beating back the Baron
The vulnerability, called "Baron Samedit" by its discoverers, has to do with the "sudo" command found on almost all Unix-derived operating systems, including macOS and Linux.
Sudo temporarily gives full system access, or "root," to users who already have administrative privileges. With root, a user can make almost any change to the operating system, which is why even admin users don't normally have such powers. Regular users without admin privileges normally can't access sudo.
Baron Samedit, first disclosed on Linux in late January, gets around this privilege hierarchy. It lets any user, even one without admin rights, gain root without using an admin password. Because of this, an email attachment or a web link opened by a non-admin user could end up taking over a machine.
The major Linux distributions fixed the vulnerability before it was publicly revealed. But while it initially looked like macOS might be immune to the Baron Samedit flaw, a security researcher soon found an easy workaround that made exploiting the flaw possible on Macs.

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.
