What the vulnerability does

01Description

Backblaze for Windows and Backblaze for macOS before 7.0.0.439 suffer from improper privilege management in `bztransmit` helper due to lack of permission handling and validation before creation of client update directories allowing for local escalation of privilege via rogue client update binary.

Key dates

02Disclosure timeline

December 27, 2020 CVE published
August 4, 2024 Record updated