Improper Privilege Management in Backblaze for Windows and macOS: Local Privilege Escalation via Rogue Client Update Binary

Improper Privilege Management in Backblaze for Windows and macOS: Local Privilege Escalation via Rogue Client Update Binary

CVE-2020-8290 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Backblaze for Windows and Backblaze for macOS before 7.0.0.439 suffer from improper privilege management in `bztransmit` helper due to lack of permission handling and validation before creation of client update directories allowing for local escalation of privilege via rogue client update binary.

Learn more about our Cis Benchmark Audit For Apple Macos.