CVE-2017-16928

The arq_updater binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted update URL, as demonstrated by file:///tmp/blah/Arq.zip. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt