What is the severity of CVE-2024-11128?

CVE-2024-11128 is rated as a high severity vulnerability due to its potential for dynamic library injection without sufficient checks.

How do I fix CVE-2024-11128?

To fix CVE-2024-11128, ensure you update the Bitdefender Virus Scanner to version 3.18 or newer, which addresses this vulnerability.

What systems are affected by CVE-2024-11128?

CVE-2024-11128 affects Bitdefender Virus Scanner on MacOS up to version 3.18.

Can CVE-2024-11128 be exploited remotely?

CVE-2024-11128 does not require remote exploitation, as it can be triggered locally on the affected system.

What are the consequences of not addressing CVE-2024-11128?

Failure to address CVE-2024-11128 may allow malicious actors to perform unauthorized actions via DYLD injection, compromising system integrity.

Vulnerability/
CVE-2024-11128

high

8.4

CWE

269

13/1/2025

11/2/2025

CVE-2024-11128: Insufficient Hardened Runtime or Library Validation signing in Bitdefender Virus Scanner for macOS

First published: Mon Jan 13 2025(Updated: )

A vulnerability in the BitdefenderVirusScanner binary as used in Bitdefender Virus Scanner for MacOS may allow .dynamic library injection (DYLD injection) without being blocked by AppleMobileFileIntegrity (AMFI). This issue is caused by the absence of Hardened Runtime or Library Validation signing. This issue affects Bitdefender Virus Scanner versions before 3.18.

Credit: cve-requests@bitdefender.com

Affected Software	Affected Version	How to fix
Bitdefender Virus Scanner for macOS	<3.18
Bitdefender Virus Scanner for macOS	<3.18

Remedy

An automatic update to version 3.18 fixes the issue.

Never miss a vulnerability like this again

Reference Links

https://www.bitdefender.com/support/security-advisories/insufficient-hardened-runtime-or-library-validation-signing-in-bitdefender-virus-scanner-for-macos/

Frequently Asked Questions

What is the severity of CVE-2024-11128?
CVE-2024-11128 is rated as a high severity vulnerability due to its potential for dynamic library injection without sufficient checks.
How do I fix CVE-2024-11128?
To fix CVE-2024-11128, ensure you update the Bitdefender Virus Scanner to version 3.18 or newer, which addresses this vulnerability.
What systems are affected by CVE-2024-11128?
CVE-2024-11128 affects Bitdefender Virus Scanner on MacOS up to version 3.18.
Can CVE-2024-11128 be exploited remotely?
CVE-2024-11128 does not require remote exploitation, as it can be triggered locally on the affected system.
What are the consequences of not addressing CVE-2024-11128?
Failure to address CVE-2024-11128 may allow malicious actors to perform unauthorized actions via DYLD injection, compromising system integrity.

agent/remedy
agent/weakness
agent/title
agent/type
agent/references
agent/first-publish-date
agent/description
agent/author
collector/mitre-cve
source/MITRE
agent/source
agent/severity
agent/last-modified-date
agent/softwarecombine
agent/tags
agent/event
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/guess-ai
vendor/bitdefender
canonical/bitdefender virus scanner for macos

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.