The arq_updater binary in Arq 5.10 and previous versions for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted update URL, as demonstrated by file:///tmp/blah/Arq.zip.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
haystacksoftware arq |