Cyber Posture

CVE-2024-11128

HighLPE

Published: 13 January 2025

Published
13 January 2025
Modified
11 February 2025
KEV Added
Patch
CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0006 18.5th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-11128 is a high-severity Improper Privilege Management (CWE-269) vulnerability in Bitdefender Virus Scanner. Its CVSS base score is 7.8 (High).

Operationally, ranked at the 18.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-14 (Signed Components) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

CM-14 Signed Components good match
prevent

Requires digital signing of software components, directly addressing the absence of Hardened Runtime or Library Validation signing that enables DYLD injection.

SI-2 Flaw Remediation good match
prevent

Mandates timely flaw remediation through patching, which resolves the vulnerability by updating to version 3.18 with proper signing protections.

SI-7 Software, Firmware, and Information Integrity partial match
preventdetect

Enforces software integrity verification including signature checks, mitigating unauthorized library injection by detecting changes to the VirusScanner binary.

NVD Description

A vulnerability in the BitdefenderVirusScanner binary as used in Bitdefender Virus Scanner for MacOS may allow .dynamic library injection (DYLD injection) without being blocked by AppleMobileFileIntegrity (AMFI). This issue is caused by the absence of Hardened Runtime or Library Validation…

more

signing. This issue affects Bitdefender Virus Scanner versions before 3.18.

Deeper analysisAI

CVE-2024-11128 is a vulnerability in the BitdefenderVirusScanner binary as used in Bitdefender Virus Scanner for macOS. The issue arises from the absence of Hardened Runtime or Library Validation signing, which allows dynamic library (DYLD) injection without being blocked by Apple Mobile File Integrity (AMFI). This affects Bitdefender Virus Scanner versions prior to 3.18 and has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), mapped to CWE-269.

A local attacker with low privileges can exploit this vulnerability with low attack complexity and no user interaction. Exploitation enables injection of arbitrary dynamic libraries into the Virus Scanner process, potentially resulting in high confidentiality, integrity, and availability impacts on the affected system.

The Bitdefender security advisory at https://www.bitdefender.com/support/security-advisories/insufficient-hardened-runtime-or-library-validation-signing-in-bitdefender-virus-scanner-for-macos/ addresses this issue, with mitigation achieved by updating to version 3.18 or later, which resolves the lack of required signing protections.

Details

CWE(s)
CWE-269NVD-CWE-noinfo

Affected Products

bitdefender
virus scanner
≤ 3.18

CVEs Like This One

CVE-2024-13872Same vendor: Bitdefender
CVE-2024-13871Same vendor: Bitdefender
CVE-2026-2777Shared CWE-269
CVE-2025-0834Shared CWE-269
CVE-2025-48613Shared CWE-269
CVE-2024-58104Shared CWE-269
CVE-2025-15027Shared CWE-269
CVE-2026-35595Shared CWE-269
CVE-2025-64487Shared CWE-269
CVE-2025-0180Shared CWE-269

References