The setpermissions function in the auto-updater in Arq prior to 5.9.7 for Mac allows local users to gain root privileges via a symlink attack on the updater binary itself.
# Arq Backup from Haystack Software is a great application for backing up macs and
# windows machines Unfortunately versions of Arq for mac before 597 are
# vulnerable to a local root privilege escalation exploit
# The updater binary has a "setpermissions" function which sets the suid bit and
# root ownership on itself but it suffers from a ra ...