CVE-2026-26225
📋 TL;DR
Intego Personal Backup for macOS contains a local privilege escalation vulnerability where non-privileged users can write malicious backup task files that are processed with elevated privileges. This allows attackers to write arbitrary files to sensitive system locations and gain root access. Users of Intego Personal Backup on macOS are affected.
💻 Affected Systems
- Intego Personal Backup
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Local attacker gains full root privileges on the macOS system, enabling complete system compromise, data theft, persistence mechanisms, and lateral movement.
Likely Case
Malicious local user or malware with user-level access escalates to root to install backdoors, keyloggers, or ransomware.
If Mitigated
Attack is prevented by proper file permissions, user access controls, or patched software, limiting impact to user-level activities.
🎯 Exploit Status
Exploitation requires crafting malicious serialized task files and local access; no public exploit code is available but technical details are published.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Intego Personal Backup X9
Vendor Advisory: https://integosupport.zendesk.com/hc/en-us/articles/40945636077467-Personal-Backup-X9-Release-Notes
Restart Required: No
Instructions:
1. Open Intego Personal Backup.
2. Check for updates via the application menu.
3. Download and install version X9 or later.
4. Verify that the installation completes successfully.
🔧 Temporary Workarounds
Restrict write permissions to backup task directory
Platform: macOS
Change permissions on the backup task file directory to prevent non-privileged users from writing malicious files.
sudo chmod 700 /path/to/backup/task/directory
sudo chown root:wheel /path/to/backup/task/directory
🧯 If You Can't Patch
- Uninstall Intego Personal Backup if not essential for operations.
- Implement strict user access controls to limit local user accounts on affected systems.
🔍 How to Verify
Check if Vulnerable:
Check the Intego Personal Backup version; if it is earlier than X9, the system is vulnerable. Also verify whether backup task files are stored in user-writable locations.
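One way to check the directory permissions from the workaround and the user-writable check above, as an added example (not code from the vendor or the referenced advisories). The task directory path is not given on this page, so it is passed as an argument; the function name `audit_task_dir` is chosen for illustration.

```shell
#!/bin/sh
# Added example: audit a backup task directory for entries that a
# non-privileged user could create or modify.
# Assumption: the real task directory is supplied by the operator;
# this page only shows the placeholder /path/to/backup/task/directory.

# audit_task_dir DIR [OWNER]
#   Prints every entry under DIR (DIR included) that is not owned by
#   OWNER (default: root) or that is group- or world-writable.
#   Returns 0 when clean, 1 when findings exist, 2 on bad input.
audit_task_dir() {
    dir=$1
    owner=${2:-root}
    if [ -z "$dir" ] || [ ! -d "$dir" ]; then
        echo "usage: audit_task_dir DIR [OWNER]" >&2
        return 2
    fi
    # -perm -020 and -perm -002 match the group-write and other-write
    # bits. Symlinks are excluded from the mode test because their own
    # mode bits are not meaningful, but their ownership is still checked.
    findings=$(find "$dir" \
        \( ! -user "$owner" -o \
           \( ! -type l \( -perm -020 -o -perm -002 \) \) \) \
        -print 2>/dev/null)
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Stand-alone use: sh audit.sh /path/to/backup/task/directory
if [ "$#" -gt 0 ]; then
    audit_task_dir "$@"
fi
```

Run it with sudo after applying the chmod and chown commands; any path it prints can still be changed by an account other than root.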
Check Version:
Open Intego Personal Backup and navigate to 'About Intego Personal Backup' in the application menu.
Verify Fix Applied:
Confirm Intego Personal Backup version is X9 or later via application info or version check command.
📡 Detection & Monitoring
Log Indicators:
- Unusual file writes to system directories by Intego Personal Backup processes
- Suspicious backup task file modifications by non-privileged users
Network Indicators:
- None - this is a local privilege escalation with no network component
SIEM Query:
Process execution logs where Intego Personal Backup writes files to sensitive locations like /Library, /System, or /etc
🔗 References
- https://blog.quarkslab.com/intego_lpe_macos_1.html
- https://integosupport.zendesk.com/hc/en-us/articles/40945636077467-Personal-Backup-X9-Release-Notes
- https://www.intego.com/
- https://www.intego.com/bootable-mac-backups
- https://www.vulncheck.com/advisories/intego-personal-backup-task-file-privilege-escalation