PT-2025-1620 · Bitdefender · Bitdefender Virus Scanner

Publicado

2025-01-13

Atualizado

2025-01-14

CVE-2024-11128

CVSS v4.0

8.4

Alta

Vetor

AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

Name of the Vulnerable Software and Affected Versions Bitdefender Virus Scanner versions prior to 3.18

Description A vulnerability in the BitdefenderVirusScanner binary may allow dynamic library injection (DYLD injection) without being blocked by AppleMobileFileIntegrity (AMFI). This issue is caused by the absence of Hardened Runtime or Library Validation signing.

Recommendations Update to version 3.18 to resolve the issue. As a temporary workaround, consider restricting the use of the BitdefenderVirusScanner binary until a patch is applied.

Correção

Improper Privilege Management

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-269

Identificadores relacionados

CVE-2024-11128

Produtos afetados

Bitdefender Virus Scanner

PT-2025-1620 · Bitdefender · Bitdefender Virus Scanner

CVE-2024-11128

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7