Back
Get-task-allow entitlement via BDLDaemon on macOS (VA-3448)
Publication date: December 30th, 2019
CVSS scrore:
4.9 - https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:P/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
Affected vendors:
Bitdefender
Affected products:
Bitdefender Antivirus for Mac
Vulnerability details:
An Incorrect Default Permissions vulnerability in the BDLDaemon component of Bitdefender AV for Mac allows an attacker to elevate permissions to read protected directories.
Additional details:
The vulnerability has been fixed in Bitdefender Antivirus for Mac version 8.0.0
Credit:
Bugcrowd user Bohops