CVE-2017-16928

2018-01-31T20:29:00
ID CVE-2017-16928
Type cve
Reporter cve@mitre.org
Modified 2019-10-03T00:03:00

Description

The arq_updater binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted update URL, as demonstrated by file:///tmp/blah/Arq.zip.