Back

Privilege escalation in Bitdefender Antivirus for Mac (VA-3499)

Publication date: January 29th, 2020


CVE ID:
CVE-2020-8092
CVSS scrore:
1.6 - https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N
Affected vendors:
Bitdefender
Affected products:
Bitdefender Antivirus for Mac
Vulnerability details:

A privilege escalation vulnerability in BDLDaemon as used in Bitdefender Antivirus for Mac allows a local attacker to obtain authentication tokens for requests submitted to the Bitdefender Cloud.

Additional details:
The vulnerability has been fixed in Bitdefender Antivirus for Mac version 8.0.0. An automatic update mitigates the issue.
Credit:
Bugcrowd user Bohops