Improper Privilege Management in Backblaze for Windows and macOS: Local Privilege Escalation via Rogue Client Update Binary
CVE-2020-8290 · HIGH Severity
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Backblaze for Windows and Backblaze for macOS before 7.0.0.439 suffer from improper privilege management in `bztransmit` helper due to lack of permission handling and validation before creation of client update directories allowing for local escalation of privilege via rogue client update binary.
Learn more about our Cis Benchmark Audit For Apple Macos.