Shirt Pocket: community verdicts
4 notable / known-exploited Shirt Pocket CVEs the community has triaged.
- CVE-2025-57489HIGH 8.1Real · low riskEPSS 0%
Incorrect access control in the SDAgent component of Shirt Pocket SuperDuper! v3.10 allows attackers to escalate privileges to root due to the improper use of a setuid binary.
- CVE-2025-61229HIGH 7.8Real · low riskEPSS 0%
An issue in Shirt Pocket's SuperDuper! 3.10 and earlier allow a local attacker to modify the default task template to execute an arbitrary preflight script with root privileges and Full Disk Access, thus bypassing macOS privacy controls.
- CVE-2025-69604HIGH 7.8Real · low riskEPSS 0%
An issue in Shirt Pocket's SuperDuper! 3.11 and earlier allow a local attacker to modify the default task template to install an arbitrary package that can run shell scripts with root privileges and Full Disk Access, thus bypassing macOS privacy controls.
- CVE-2025-61228HIGH 7.8Real · low riskEPSS 0%
An issue in Shirt Pocket SuperDuper! V.3.10 and before allows a local attacker to execute arbitrary code via the software update mechanism