CVE-2024-11128
Published: 13 January 2025
Description
A vulnerability in the BitdefenderVirusScanner binary as used in Bitdefender Virus Scanner for MacOS may allow .dynamic library injection (DYLD injection) without being blocked by AppleMobileFileIntegrity (AMFI). This issue is caused by the absence of Hardened Runtime or Library Validation signing. This issue affects Bitdefender Virus Scanner versions before 3.18.
Security Summary
CVE-2024-11128 is a vulnerability in the BitdefenderVirusScanner binary as used in Bitdefender Virus Scanner for macOS. The issue arises from the absence of Hardened Runtime or Library Validation signing, which allows dynamic library (DYLD) injection without being blocked by Apple Mobile File Integrity (AMFI). This affects Bitdefender Virus Scanner versions prior to 3.18 and has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), mapped to CWE-269.
A local attacker with low privileges can exploit this vulnerability with low attack complexity and no user interaction. Exploitation enables injection of arbitrary dynamic libraries into the Virus Scanner process, potentially resulting in high confidentiality, integrity, and availability impacts on the affected system.
The Bitdefender security advisory at https://www.bitdefender.com/support/security-advisories/insufficient-hardened-runtime-or-library-validation-signing-in-bitdefender-virus-scanner-for-macos/ addresses this issue, with mitigation achieved by updating to version 3.18 or later, which resolves the lack of required signing protections.
Details
- CWE(s)