Dave Nanian and Bruce Lacey, at Shirt Pocket:
Mistakes are a part of life.
They’re not a great part, but when viewed “correctly”, they’re an
opportunity.Well, we have three opportunities, brought to our attention by a
security researcher. They’re security vulnerabilities that have
been in SuperDuper! since the very first version, released almost
22 years ago.Today, we’re releasing fixes for the current release (the
SuperDuper! v3.20 Beta is already fixed), a discussion of the
problems, and the steps users can take to mitigate the issues if
they cannot install the update.We don’t know of any bad actors making use of these exploits as of
this post.
Another good postmortem, with technical details and an apology.
