Arq
Monthly
The (1) arq_updater, (2) arqcommitter, (3) standardrestorer, (4) arqglacierrestorer, and (5) arqs3glacierrestorer helper apps in Arq 5.x before 5.10 for Mac allow local users to gain root privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
The setpermissions function in the auto-updater in Arq before 5.9.7 for Mac allows local users to gain root privileges via a symlink attack on the updater binary itself. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.
The (1) arq_updater, (2) arqcommitter, (3) standardrestorer, (4) arqglacierrestorer, and (5) arqs3glacierrestorer helper apps in Arq 5.x before 5.10 for Mac allow local users to gain root privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
The setpermissions function in the auto-updater in Arq before 5.9.7 for Mac allows local users to gain root privileges via a symlink attack on the updater binary itself. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.