← voltar
CVE-2024-11128

Insufficient Hardened Runtime or Library Validation signing in Bitdefender Virus Scanner for macOS

CVSS 8.4 HIGHEPSS 0.2%CWE-269
Vexday Risk Score
21Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 8.4EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
13 jan 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
A vulnerability in the BitdefenderVirusScanner binary as used in Bitdefender Virus Scanner for MacOS may allow .dynamic library injection (DYLD injection) without being blocked by AppleMobileFileIntegrity (AMFI). This issue is caused by the absence of Hardened Runtime or Library Validation signing. This issue affects Bitdefender Virus Scanner versions before 3.18.
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
Produtos afetados
Bitdefender · Virus Scanner

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://www.bitdefender.com/support/security-advisories/insufficient-hardened-runtime-or-library-validation-signing-in-bitdefender-virus-scanner-for-macos/