CVE-2017-16945

HIGH

Arq < 5.10 - Local Privilege Escalation via Crafted Restore Path

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-16945. PoCs published by Mark Wadham.

AI-analyzed exploit summary This exploit targets a local privilege escalation vulnerability in Arq <= 5.10 by replacing the 'standardrestorer' binary with a malicious version via the vulnerable 'arq_updater' SUID binary. It then triggers the payload to gain root privileges.

Description

The standardrestorer binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted restore path.

Exploits (1)

exploitdb WORKING POC
by Mark Wadham · bashlocalmacos
https://www.exploit-db.com/exploits/43926

This exploit targets a local privilege escalation vulnerability in Arq <= 5.10 by replacing the 'standardrestorer' binary with a malicious version via the vulnerable 'arq_updater' SUID binary. It then triggers the payload to gain root privileges.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Arq <= 5.10
Auth required
Prerequisites: Auto-updates enabled in Arq · Local user access · Arq application installed
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/43926/
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/146159/Arq-5.10-Local-Privilege-Escalation.html

Scores

CVSS v3 7.8
EPSS 0.0101
EPSS Percentile 58.6%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-732
Status published
Products (1)
haystacksoftware/arq < 5.10
Published Jan 31, 2018
Tracked Since Feb 18, 2026