Arq for Mac Privilege Escalation via Crafted Update URL

Arq for Mac Privilege Escalation via Crafted Update URL

CVE-2017-16928 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

The arq_updater binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted update URL, as demonstrated by file:///tmp/blah/Arq.zip.

Learn more about our User Device Pen Test.