Skip to main content

Superduper

4 CVEs product

Monthly

CVE-2025-69604 HIGH This Week

An issue in Shirt Pocket's SuperDuper! 3.11 and earlier allow a local attacker to modify the default task template to install an arbitrary package that can run shell scripts with root privileges and Full Disk Access, thus bypassing macOS privacy controls. [CVSS 7.8 HIGH]

Privilege Escalation Apple Superduper
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-61229 HIGH This Week

An issue in Shirt Pocket's SuperDuper! 3.10 and earlier allow a local attacker to modify the default task template to execute an arbitrary preflight script with root privileges and Full Disk Access, thus bypassing macOS privacy controls.

Privilege Escalation Apple Superduper
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-61228 HIGH This Week

An issue in Shirt Pocket SuperDuper! V.3.10 and before allows a local attacker to execute arbitrary code via the software update mechanism

RCE Superduper
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-57489 HIGH This Week

Incorrect access control in the SDAgent component of Shirt Pocket SuperDuper! v3.10 allows attackers to escalate privileges to root due to the improper use of a setuid binary.

Authentication Bypass Superduper
NVD
CVSS 3.1
8.1
EPSS
0.1%
EPSS 0% CVSS 7.8
HIGH This Week

An issue in Shirt Pocket's SuperDuper! 3.11 and earlier allow a local attacker to modify the default task template to install an arbitrary package that can run shell scripts with root privileges and Full Disk Access, thus bypassing macOS privacy controls. [CVSS 7.8 HIGH]

Privilege Escalation Apple Superduper
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An issue in Shirt Pocket's SuperDuper! 3.10 and earlier allow a local attacker to modify the default task template to execute an arbitrary preflight script with root privileges and Full Disk Access, thus bypassing macOS privacy controls.

Privilege Escalation Apple Superduper
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An issue in Shirt Pocket SuperDuper! V.3.10 and before allows a local attacker to execute arbitrary code via the software update mechanism

RCE Superduper
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Incorrect access control in the SDAgent component of Shirt Pocket SuperDuper! v3.10 allows attackers to escalate privileges to root due to the improper use of a setuid binary.

Authentication Bypass Superduper
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy