CVE-2024-11128

7.8 HIGH

📋 TL;DR

This vulnerability allows attackers to inject malicious dynamic libraries into Bitdefender Virus Scanner on macOS, bypassing Apple's security protections. It affects macOS users running Bitdefender Virus Scanner versions before 3.18, potentially enabling privilege escalation or malware persistence.

💻 Affected Systems

Products:
  • Bitdefender Virus Scanner for macOS
Versions: Before 3.18
Operating Systems: macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects macOS systems where Bitdefender Virus Scanner is installed and running vulnerable versions.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise via privilege escalation, allowing attackers to execute arbitrary code with elevated privileges, install persistent malware, or bypass other security controls.

🟠 Likely Case

Local privilege escalation allowing attackers to gain higher privileges than intended, potentially leading to data theft, surveillance, or installation of additional malware.

🟢 If Mitigated

Limited impact if proper endpoint protection and monitoring are in place, though the vulnerability still provides an initial foothold for attackers.

🌐 Internet-Facing: LOW
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access to the system and knowledge of DYLD injection techniques. No public exploit code is known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 3.18 or later

Vendor Advisory: https://www.bitdefender.com/support/security-advisories/insufficient-hardened-runtime-or-library-validation-signing-in-bitdefender-virus-scanner-for-macos/

Restart Required: No

Instructions:

1. Open Bitdefender Virus Scanner.
2. Check for updates in the application settings.
3. Install version 3.18 or later.
4. Verify the update completed successfully.

🔧 Temporary Workarounds

Disable Bitdefender Virus Scanner (macOS)

Temporarily disable the vulnerable component until patching is possible.

🧯 If You Can't Patch

  • Implement strict application control policies to prevent unauthorized DYLD injection
  • Monitor for suspicious process injection attempts using endpoint detection tools

🔍 How to Verify

Check if Vulnerable:

Check Bitdefender Virus Scanner version in application settings or About dialog. If version is below 3.18, the system is vulnerable.

Check Version:

Check via Bitdefender GUI or look for version information in /Applications/Bitdefender Virus Scanner.app

Verify Fix Applied:

Confirm Bitdefender Virus Scanner version is 3.18 or higher in application settings.
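
The version check above, combined with a look at the code-signing flags the vendor advisory's title refers to, as a shell script for a macOS endpoint. This is an added example, not Bitdefender's tooling; it assumes the bundle's CFBundleShortVersionString carries the product version and that PlistBuddy and codesign are at their standard macOS locations.

```shell
#!/bin/sh
# Added example, not vendor code. APP and FIXED are taken from this page.
APP="/Applications/Bitdefender Virus Scanner.app"
FIXED="3.18"

# version_lt A B: succeed when dotted numeric version A is older than B.
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$a" = "$x" ]; then a=""; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=""; else b=${b#*.}; fi
        x=$(printf '%s' "$x" | tr -cd '0-9'); x=${x:-0}
        y=$(printf '%s' "$y" | tr -cd '0-9'); y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1
}

# has_flag TEXT FLAG: succeed when the flags=0x...(a,b) list printed by
# `codesign -dv` contains FLAG, e.g. runtime or library-validation.
has_flag() {
    printf '%s\n' "$1" | grep -E 'flags=0x[0-9a-fA-F]+\(' | grep -Eq "[(,]$2[,)]"
}

# assess VERSION CODESIGN_TEXT: print findings; return 1 if action is needed.
# Entitlements that relax the hardened runtime are not inspected here.
assess() {
    rc=0
    if version_lt "$1" "$FIXED"; then
        echo "VULNERABLE: version $1 is older than $FIXED"; rc=1
    fi
    if has_flag "$2" runtime; then echo "OK: hardened runtime flag set"
    elif has_flag "$2" library-validation; then echo "OK: library-validation flag set"
    else echo "WARN: neither runtime nor library-validation flag set"; rc=1
    fi
    return $rc
}

if [ -d "$APP" ] && command -v codesign >/dev/null 2>&1; then
    ver=$(/usr/libexec/PlistBuddy -c 'Print :CFBundleShortVersionString' "$APP/Contents/Info.plist")
    sig=$(codesign -dv --verbose=4 "$APP" 2>&1)   # codesign -d writes to stderr
    assess "$ver" "$sig"
else
    echo "Bitdefender Virus Scanner not found at $APP (or codesign unavailable)"
fi
```

The script exits non-zero when the installed version is older than 3.18 or when neither signing flag is present.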

📡 Detection & Monitoring

Log Indicators:

  • Unusual DYLD environment variable modifications
  • Suspicious library loading by Bitdefender processes
  • Unauthorized privilege escalation attempts

Network Indicators:

  • None - this is a local vulnerability

SIEM Query:

Process creation events where parent process is BitdefenderVirusScanner with suspicious command line arguments or environment variables
