CVE-2024-11128 HIGH

CVE-2024-11128: Insufficient Hardened Runtime or Library Validation signing in Bitdefender Virus Scanner for macOS

Vendor Bitdefender
Product Virus Scanner
Weakness CWE-269
Published January 13, 2025
Last update January 14, 2025

CVSS base score

8.4/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

What the vulnerability does

01 Description

A vulnerability in the BitdefenderVirusScanner binary, as used in Bitdefender Virus Scanner for macOS, may allow dynamic library injection (DYLD injection) without being blocked by AppleMobileFileIntegrity (AMFI). The cause is that the binary is signed without Hardened Runtime or Library Validation. This issue affects Bitdefender Virus Scanner versions before 3.18.
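To audit a binary for the condition described above, the check below reads the CodeDirectory flags from `codesign -d --verbose=4` output and reports whether Hardened Runtime or Library Validation is set. It is an added example, not code from the advisory or from Bitdefender; the function name, the `finding` field and the sample outputs are constructed for illustration, and entitlements are assumed to be reviewed separately.

```python
import re

# Flag bits of the CodeDirectory "flags" field, as printed by
# `codesign -d --verbose=4 <path>` (codesign writes this to stderr).
CS_LIBRARY_VALIDATION = 0x2000   # shown as "library-validation"
CS_RUNTIME = 0x10000             # shown as "runtime" (Hardened Runtime)

FLAGS_RE = re.compile(r"^CodeDirectory\b.*?\bflags=0x([0-9a-fA-F]+)", re.MULTILINE)


def audit_signing_flags(codesign_output: str) -> dict:
    """Report whether a binary's signature carries either protection.

    Entitlements are not inspected here (assumption: checked separately).
    """
    match = FLAGS_RE.search(codesign_output)
    if match is None:
        # No CodeDirectory line: unsigned binary or unreadable output.
        return {"signed": False, "hardened_runtime": False,
                "library_validation": False, "finding": True}
    flags = int(match.group(1), 16)
    runtime = bool(flags & CS_RUNTIME)
    libval = bool(flags & CS_LIBRARY_VALIDATION)
    # The condition this advisory describes: neither protection is set.
    return {"signed": True, "hardened_runtime": runtime,
            "library_validation": libval, "finding": not (runtime or libval)}


# Constructed sample outputs (not captured from the affected product).
SAMPLE_UNPROTECTED = """\
Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.scanner
Format=app bundle with Mach-O thin (arm64)
CodeDirectory v=20400 size=1024 flags=0x0(none) hashes=24+3 location=embedded
"""
SAMPLE_HARDENED = SAMPLE_UNPROTECTED.replace("flags=0x0(none)", "flags=0x10000(runtime)")

if __name__ == "__main__":
    for name, text in [("unprotected", SAMPLE_UNPROTECTED), ("hardened", SAMPLE_HARDENED)]:
        print(name, audit_signing_flags(text))
```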

Key dates

02 Disclosure timeline

January 13, 2025 CVE published
January 14, 2025 Record updated