CVE-2025-69604

Sažetak

An issue in Shirt Pocket's SuperDuper! 3.11 and earlier allow a local attacker to modify the default task template to install an arbitrary package that can run shell scripts with root privileges and Full Disk Access, thus bypassing macOS privacy controls.

Reference

http://shirt.com
https://shirt-pocket.com/SuperDuper/SuperDuperDescription.html
https://www.shirtpocket.com/blog/index.php/shadedgrey/comments/superduper_v312_now_available

CVSS

Base:	7.8
Impact:	5.9
Exploitability:	1.8

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

13-02-2026 - 20:32

Objavljeno

29-01-2026 - 20:16