CVE-2024-11128

A vulnerability in the BitdefenderVirusScanner binary as used inBitdefender Virus Scanner for MacOS may allow .dynamic library injection(DYLD injection) without being blocked by AppleMobileFileIntegrity (AMFI). This issue is caused by the absence of Hardened Runtime or Library Validation signing. This issue affects Bitdefender Virus Scanner versions before 3.18.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
BitdefenderCNA
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 4%
VendorProductVersion
bitdefendervirus_scanner
𝑥
< 3.18
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.bitdefender.com/support/security-advisories/insufficient-hardened-runtime-or-library-validation-signing-in-bitdefender-virus-scanner-for-macos/