Arq for Mac Vulnerabilities Fixed
Mark Wadham (thank you Mark for all your help identifying and helping to resolve this!) identified a vulnerability in Arq 5 for Mac where an attacker could become "root" user. The issue was the way Arq applied the set-user-ID-on-execution bit to helper apps (for auto-updating, backup using administrator privileges, and restoring). The affected helper apps were arq_updater (for auto-update), arqcommitter (for backing up) and standardrestorer, arqglacierrestorer and arqs3glacierrestorer (for restoring). The fix for this issue is implemented in Arq 5.10:
When you double-click the Arq icon in the DMG, Arq copies itself to /Applications and sets the permissions on the application bundle to prevent non-root users from modifying it.
Arq will only set the set-user-ID-on-execution bit on the helper apps if the Arq app bundle is installed in /Applications.
1 comment
[ 3.0 ms ] story [ 15.2 ms ] thread