exploitDog

CVE-2024-11128

Опубликовано: 13 янв. 2025

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

A vulnerability in the BitdefenderVirusScanner binary as used in Bitdefender Virus Scanner for MacOS may allow .dynamic library injection (DYLD injection) without being blocked by AppleMobileFileIntegrity (AMFI). This issue is caused by the absence of Hardened Runtime or Library Validation signing. This issue affects Bitdefender Virus Scanner versions before 3.18.

Ссылки

https://www.bitdefender.com/support/security-advisories/insufficient-hardened-runtime-or-library-validation-signing-in-bitdefender-virus-scanner-for-macos/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:bitdefender:virus_scanner:*:*:*:*:*:macos:*:*

Версия до 3.18 (исключая)

EPSS

Процентиль: 9%

0.00032

Низкий

7.8 High

CVSS3

Дефекты

CWE-269

NVD-CWE-noinfo

Связанные уязвимости

GHSA-r88j-hwqm-286v

CVSS3: 7.8

github

около 1 года назад

A vulnerability in the BitdefenderVirusScanner binary as used in Bitdefender Virus Scanner for MacOS may allow .dynamic library injection (DYLD injection) without being blocked by AppleMobileFileIntegrity (AMFI). This issue is caused by the absence of Hardened Runtime or Library Validation signing. This issue affects Bitdefender Virus Scanner versions before 3.18.

EPSS

Процентиль: 9%

0.00032

Низкий

7.8 High

CVSS3

Дефекты

CWE-269

NVD-CWE-noinfo