CVE-2024-11128

HIGH

Bitdefender Virus Scanner < 3.18 - Unauthenticated .dynamic Library Injection via DYLD Injection

Title source: llm
Description

A vulnerability in the BitdefenderVirusScanner binary as used in Bitdefender Virus Scanner for macOS may allow .dynamic library injection (DYLD injection) without being blocked by AppleMobileFileIntegrity (AMFI). This issue is caused by the absence of Hardened Runtime or Library Validation signing. This issue affects Bitdefender Virus Scanner versions before 3.18.

Scores

CVSS v3 7.8
EPSS 0.0016
EPSS Percentile 5.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-269
Status published
Products (1)
bitdefender/virus_scanner < 3.18
Published Jan 13, 2025
Tracked Since Feb 18, 2026