CVE-2017-16895

HIGH

Arq 5.0.0.65-5.9.9 - Local Privilege Escalation via Helper App Data Packet

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-16895. PoCs published by Mark Wadham.

AI-analyzed exploit summary: This exploit leverages a local privilege escalation vulnerability in Arq <= 5.9.7 by manipulating the inter-app protocol to set SUID root on an arbitrary binary. It compiles a shellcode payload that spawns a root shell after removing the temporary binary.

Description

The (1) arq_updater, (2) arqcommitter, (3) standardrestorer, (4) arqglacierrestorer, and (5) arqs3glacierrestorer helper apps in Arq 5.x before 5.10 for Mac allow local users to gain root privileges via a crafted data packet.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by Mark Wadham · ruby · local · macos
https://www.exploit-db.com/exploits/43216

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Arq <= 5.9.7
No auth needed
Prerequisites: Arq <= 5.9.7 installed on macOS · Local access to the system
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/43216/

Scores

CVSS v3: 7.8
EPSS: 0.0102
EPSS Percentile: 58.7%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-732
Status: published
Products (1): arqbackup/arq 5.0.0.65 - 5.10
Published: Dec 01, 2017
Tracked Since: Feb 18, 2026