The arq_updater binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted update URL, as demonstrated by…

Link: http://feeds.security-database.com/~r/Last100Alerts/~3/v6YD7GJkoyU/detail.php