Re: [FD] CVE-2020-8150 – Remote Code Execution as SYSTEM/root via Backblaze

[Jason Geffner <geffner () gmail com>]

The message I received on April 17th, 2020 was as follows: "We recently
released a Win fix and Mac build from this code base should have the same
fix (Mac version 7.1.0.434)."

On Sat, Dec 26, 2020 at 12:59 PM Mark E. Jeftovic <markjr () easydns com>
wrote:

> Is there a transposition typo in the Mac OSX version number?
>
> *Fixed Version:* 7.0.1.433 (Windows) and 7.1.0.434 (macOS)
>
> My OSX Backblaze is reporting 7.0.2.470 as most recent version
> On 2020-12-24 1:27 PM, Jason Geffner wrote:
>
> Thanks, Reed. I've updated the GitHub repository name to reflect this
> change. The detailed write-up can now be found athttps://github.com/geffner/CVE-2020-8289/blob/master/README.md.
>
> On Tue, Dec 22, 2020 at 3:56 AM Reed Loden <reed () reedloden com> <reed () reedloden com> wrote:
>
>
> Due to a process fail, this CVE ID was accidentally reused for another
> vulnerability.
>
> The updated CVE ID for this issue is CVE-2020-8289.
>
> We apologize to Jason and others for the inconvenience caused by this
> error.
>
> Happy holidays,
> ~reed
> (for HackerOne)
>
>
> _______________________________________________
> Sent through the Full Disclosure mailing listhttps://nmap.org/mailman/listinfo/fulldisclosure
> Web Archives & RSS: http://seclists.org/fulldisclosure/
>
> --
> Mark E. Jeftovic <markjr () easydns com> <markjr () easydns com>
> Co-founder & CEO, easyDNS Technologies Inc.
> AxisOfEasy.com - *For full coverage of a world gone full cyberpunk...*

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/