PT-2025-1620 · Bitdefender · Bitdefender Virus Scanner

Published

2025-01-13

Updated

2025-01-14

CVE-2024-11128

CVSS v4.0

8.4

High

Vector

AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

Name of the Vulnerable Software and Affected Versions Bitdefender Virus Scanner versions prior to 3.18

Description A vulnerability in the BitdefenderVirusScanner binary may allow dynamic library injection (DYLD injection) without being blocked by AppleMobileFileIntegrity (AMFI). This issue is caused by the absence of Hardened Runtime or Library Validation signing.

Recommendations Update to version 3.18 to resolve the issue. As a temporary workaround, consider restricting the use of the BitdefenderVirusScanner binary until a patch is applied.

Fix

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269

Related Identifiers

CVE-2024-11128

Affected Products

Bitdefender Virus Scanner

PT-2025-1620 · Bitdefender · Bitdefender Virus Scanner

CVE-2024-11128

Weakness Enumeration

Related Identifiers

Affected Products

References · 7