2 matches found
CVE-2025-10016 Local Privilege Escalation in Sparkle Autoupdate Daemon
The Sparkle framework includes a helper tool Autoupdate. Due to lack of authentication of connecting clients a local unprivileged attacker can request installation of crafted malicious PKG file by racing to connect to the daemon when other app spawns it as root. This results in local privilege...
CVE-2025-10016 Local Privilege Escalation in Sparkle Autoupdate Daemon
The Sparkle framework includes a helper tool Autoupdate. Due to lack of authentication of connecting clients a local unprivileged attacker can request installation of crafted malicious PKG file by racing to connect to the daemon when other app spawns it as root. This results in local privilege...