CVE-2024-11128

Published Jan 13, 2025

Last updated 16 days ago

CVSS high 8.4

Overview

Description
A vulnerability in the BitdefenderVirusScanner binary as used in Bitdefender Virus Scanner for MacOS may allow .dynamic library injection (DYLD injection) without being blocked by AppleMobileFileIntegrity (AMFI). This issue is caused by the absence of Hardened Runtime or Library Validation signing. This issue affects Bitdefender Virus Scanner versions before 3.18.
Source
cve-requests@bitdefender.com
NVD status
Analyzed

Risk scores

CVSS 4.0

Type
Secondary
Base score
8.4
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
HIGH

CVSS 3.1

Type
Primary
Base score
7.8
Impact score
5.9
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

cve-requests@bitdefender.com
CWE-269
nvd@nist.gov
NVD-CWE-noinfo

Social media

Hype score
Not currently trending

  1. CVE-2024-11128 Library Injection in Bitdefender Virus Scanner for macOS https://t.co/QgQRofI0Ir

    @VulmonFeeds

    14 Jan 2025

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2024-11128 A vulnerability in the BitdefenderVirusScanner binary as used in Bitdefender Virus Scanner for MacOS may allow .dynamic library injection (DYLD injection) without bei… https://t.co/EwHxNGYAHN

    @CVEnew

    13 Jan 2025

    271 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. [CVE-2024-11128: HIGH] Critical vulnerability in Bitdefender Virus Scanner for MacOS! Lack of Hardened Runtime allows DYLD injection, putting devices at risk. Update to version 3.18 to stay protected.#cybersecurity,#vulnerability https://t.co/OHuu7yRnO6 https://t.co/6mXpPc6OSa

    @CveFindCom

    13 Jan 2025

    43 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

Configurations

References