We're happy to announce the release of SuperDuper v3.12 (with a forthcoming, identical update to the v3.20 Beta), which has a number of improvements, bug fixes, and a fix for security issue CVE-2025-69604. This version is available through the normal update mechanism in SuperDuper, or you can download it from here.

Security First - CVE-2025-69604

Let's discuss the security issue first. In SuperDuper v3.11 and earlier, a 3rd party could construct an installer package that did something malicious. They could then modify the settings to install this package, allowing root access.

The package install step was initially designed to be a convenient way to install an OS update on a copy. This is rarely done these days, so rather than fix this the way we fixed "shell script" execution and force "root" ownership of the installer package, we decided to remove the option completely.

As with the "shell script" fixes in v3.11, a user can see that this has happened because it's specifically referenced in "What's going to happen?", so if you're running a version of SuperDuper prior to v3.12, and see an unexpected section saying a package will be installed, turn that option off in the Advanced tab of Options.

We've added this CVE information to the security discussion posted earlier.

Improvements Second

Because v3.11 was an accelerated release, a mid-development "branch" to address the security issues involved, we were unable to fully test some of its changes in our haste to get the update out. Alas, this resulted in some corner-case crashes, which we've fixed.

We also found a longstanding issue where, in some unusual circumstances, we weren't reliably detecting a read error on some source files. We've fixed that as well.

We've made some improvements to our scheduler to help mitigate some of the Tahoe "stalling during Dark Wake" problems. They're not 100%, but things are better, and we're investigating additional improvements for the next update.

Finally, there are some other little fixes in there (a Dark Mode issue, a goof in the "amount of data deleted" statistic) as well.

Work Continues

We're still hard at work on additional Tahoe improvements...so back to it.

Thanks, as always, for using SuperDuper!