2 matches found
CVE-2017-16895
Summary: CVE-2017-16895 affects Arq 5.x on macOS, where the helper apps — arq_updater, arqcommitter, standardrestorer, arqglacierrestorer, and arqs3glacierrestorer — are exploited via a crafted data packet to gain local root privileges. Cause: a vulnerability in the inter-app data handling allows...
CVE-2017-15357
The CVE-2017-15357 entry concerns Haystack Software Arq for Mac (auto-updater). The vulnerability is in the updater’s setpermissions function, which can race via a symlink to grant root privileges by manipulating the updater binary itself. Affected releases are Arq for Mac before 5.9.7. Impact is...