Back
Code Injection in Bitdefender Antivirus for Mac (VA-3441)
Publication date: January 29th, 2020
CVSS scrore:
5.3 - https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Affected vendors:
Bitdefender
Affected products:
Bitdefender Antivirus for Mac
Vulnerability details:
A vulnerability in the AntivirusforMac binary as used in Bitdefender Antivirus for Mac allows an attacker to inject a library using DYLD environment variable to cause third-party code execution.
Additional details:
Update the Antivirus for Mac solution to version 8.0.0 or higher.
Credit:
Bugcrowd user Bohops