Today > 5 Critical | 36 High | 55 Medium | 1 Low vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-11128

Jan. 13, 2025, 10:15 p.m.

Tags

CWE-269
cve-requests@bitdefender.com
2025-01-13
CVE-2024-11128

Product(s) Impacted

Bitdefender Virus Scanner for MacOS

  • before 3.18

Description

A vulnerability in the BitdefenderVirusScanner binary as used in Bitdefender Virus Scanner for MacOS may allow .dynamic library injection (DYLD injection) without being blocked by AppleMobileFileIntegrity (AMFI). This issue is caused by the absence of Hardened Runtime or Library Validation signing. This issue affects Bitdefender Virus Scanner versions before 3.18.

Weaknesses

CWE-269
Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

CWE ID: 269

Date

Published: Jan. 13, 2025, 10:15 p.m.

Last Modified: Jan. 13, 2025, 10:15 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve-requests@bitdefender.com

References

https://www.bitdefender.com/ cve-requests@bitdefender.com