Arq® Blog

Arq for Mac: Important Security Update

If you’re using Arq on a Mac, please download and run the 5.10 installer to get an update that fixes a security vulnerability (see details below).

  1. Click this link to download the installer DMG: Arq 5.10
  2. Double-click the DMG file to open it.
  3. Double-click the Arq icon in the DMG file to install.

Arq for Mac Vulnerabilities Fixed

Mark Wadham (thank you Mark for all your help identifying and helping to resolve this!) identified a vulnerability in Arq 5 for Mac where an attacker could become “root” user. The issue was the way Arq applied the set-user-ID-on-execution bit to helper apps (for auto-updating, backup using administrator privileges, and restoring). The affected helper apps were arq_updater (for auto-update), arqcommitter (for backing up) and standardrestorer, arqglacierrestorer and arqs3glacierrestorer (for restoring). The fix for this issue is implemented in Arq 5.10:

  1. When you double-click the Arq icon in the DMG, Arq copies itself to /Applications and sets the permissions on the application bundle to prevent non-root users from modifying it.
  2. Arq will only set the set-user-ID-on-execution bit on the helper apps if the Arq app bundle is installed in /Applications.

Arq 5.10.0 for Windows

If you’re using Arq 5 on Windows, we just shipped an update that contains numerous bug fixes. Please pick “Check for Updates” from Arq’s menu to get the 5.10.0 update. Or, run the 5.10.0 installer.

Need to back up your files securely to the cloud?

Set up backups in 1 minute with Arq 7:

Download Arq

30-day free trial

"Best backup solution? @arqbackup with your choice of cloud provider. Great program!! Always helpful when I have questions also. Great support!" @Tony_Simek Feb 5, 2021

"Just used @arqbackup for my first real world restore, which saved me hours of rework. Would recommend." @jonathon Nov 14, 2020