26 matches found
CVE-2025-69604
An issue in Shirt Pocket's SuperDuper! 3.11 and earlier allow a local attacker to modify the default task template to install an arbitrary package that can run shell scripts with root privileges and Full Disk Access, thus bypassing macOS privacy controls...
Shirt Pocket SuperDuper! security vulnerability
Shirt Pocket SuperDuper! is a data backup, disk cloning, and recovery tool for macOS systems developed by Shirt Pocket. Versions of Shirt Pocket SuperDuper! 3.11 and earlier contain security vulnerabilities. These vulnerabilities stem from the default task templates being susceptible to...
Exploit for Improper Access Control in Shirt-Pocket Superduper\!
CVE-2025-61229 Description From the developer's blog:...
CVE-2025-61228
An issue in Shirt Pocket SuperDuper! V.3.10 and before allows a local attacker to execute arbitrary code via the software update mechanism...
CVE-2025-61229
An issue in Shirt Pocket's SuperDuper! 3.10 and earlier allow a local attacker to modify the default task template to execute an arbitrary preflight script with root privileges and Full Disk Access, thus bypassing macOS privacy controls...
CVE-2025-57489
Incorrect access control in the SDAgent component of Shirt Pocket SuperDuper! v3.10 allows attackers to escalate privileges to root due to the improper use of a setuid binary...
EUVD-2025-200026
An issue in Shirt Pocket SuperDuper! V.3.10 and before allows a local attacker to execute arbitrary code via the software update mechanism...
EUVD-2025-200025
An issue in Shirt Pocket's SuperDuper! 3.10 and earlier allow a local attacker to modify the default task template to execute an arbitrary preflight script with root privileges and Full Disk Access, thus bypassing macOS privacy controls...
EUVD-2025-200027
Incorrect access control in the SDAgent component of Shirt Pocket SuperDuper! v3.10 allows attackers to escalate privileges to root due to the improper use of a setuid binary...
CVE-2025-61228
An issue in Shirt Pocket SuperDuper! V.3.10 and before allows a local attacker to execute arbitrary code via the software update mechanism...
CVE-2025-61228
An issue in Shirt Pocket SuperDuper! V.3.10 and before allows a local attacker to execute arbitrary code via the software update mechanism...
CVE-2025-61229
An issue in Shirt Pocket's SuperDuper! 3.10 and earlier allow a local attacker to modify the default task template to execute an arbitrary preflight script with root privileges and Full Disk Access, thus bypassing macOS privacy controls...
CVE-2025-57489
Incorrect access control in the SDAgent component of Shirt Pocket SuperDuper! v3.10 allows attackers to escalate privileges to root due to the improper use of a setuid binary...
CVE-2025-57489
Incorrect access control in the SDAgent component of Shirt Pocket SuperDuper! v3.10 allows attackers to escalate privileges to root due to the improper use of a setuid binary...
Shirt Pocket SuperDuper! 安全漏洞
Shirt Pocket SuperDuper! is a data backup, disk cloning and recovery tool for macOS from Shirt Pocket. A security vulnerability exists in version v3.10 of Shirt Pocket SuperDuper! that stems from improper access control of the SDAgent component, which could result in elevated privileges to root...
PT-2025-48484
Name of the Vulnerable Software and Affected Versions Shirt Pocket SuperDuper! versions 3.10 and earlier Description An issue exists that allows a local attacker to execute arbitrary code via the software update mechanism. Recommendations Update to a version later than 3.10...
CVE-2025-61228
An issue in Shirt Pocket SuperDuper! V.3.10 and before allows a local attacker to execute arbitrary code via the software update mechanism...
Shirt Pocket SuperDuper! 安全漏洞
Shirt Pocket SuperDuper! is a data backup, disk cloning and recovery tool for macOS from Shirt Pocket. A security vulnerability exists in Shirt Pocket SuperDuper! V.3.10 and earlier versions that originates from a local attacker who can execute arbitrary code via the software update mechanism...
CVE-2025-61228
CVE-2025-61228 affects Shirt Pocket SuperDuper! versions 3.10 and earlier. The issue allows a local attacker to execute arbitrary code via the software update mechanism. The available sources indicate the vulnerability exists in pre-3.11 builds; mitigation is to update to version 3.11 (or later)....
CVE-2025-57489
Technical details for CVE-2025-57489 are not publicly available in the provided connected documents. Monitor for updates.