Arq for Mac Privilege Escalation via Crafted Update URL
CVE-2017-16928 · HIGH Severity
AV:L/AC:L/AU:N/C:C/I:C/A:C
The arq_updater binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted update URL, as demonstrated by file:///tmp/blah/Arq.zip.
Learn more about our User Device Pen Test.