September 23, 2024 at 10:00AM
ESET released patches for high-severity CVE-2024-7400, which impacts its Windows products and enables privilege escalation through file deletion. The fix was automatically distributed to customers. The security flaw affected multiple end-user and enterprise products. ESET also addressed medium-severity CVE-2024-6654, which could be used to cause a denial of service in its macOS security tools, with patches for Cyber Security and Endpoint Security.
ESET announced patches for two local privilege escalation vulnerabilities affecting multiple Windows and macOS products. The high-severity bug, CVE-2024-7400, impacted the handling of file operations during the removal of a detected file in ESET’s Windows products, potentially allowing an attacker to delete arbitrary files and escalate privileges. ESET released the patched Cleaner module to address this issue, and customers are advised to apply the fixes as soon as possible.
Additionally, ESET addressed a medium-severity bug, CVE-2024-6654, affecting ESET Cyber Security and Endpoint Antivirus for macOS. This vulnerability could have allowed a low-privileged user to plant a symlink to a specific location, potentially causing a denial-of-service attack and disabling the protection of ESET security products. The company released updates for Cyber Security and Endpoint Security for macOS to mitigate this issue.
ESET credited Dmitriy Zuzlov of Positive Technologies with discovering and reporting the vulnerabilities. The company is not aware of any existing exploits taking advantage of these vulnerabilities in the wild.