Vulnerability Management, Patch/Configuration Management

Fixes issued for ESET local privilege escalation bugs

binary code and magnifying glass

SecurityWeek reports that updates have been released by ESET for a pair of local privilege escalation flaws in its offerings for Windows and macOS.

More significant of the two is a high-severity issue in file operations management during detected file removals in ESET's Windows antivirus, server security, and internet security products, tracked as CVE-2024-7400, which could be exploited to facilitate arbitrary file deletion and privilege escalation, according to ESET. "ESET fixed the issue in the Cleaner module 1251, which was distributed automatically to ESET customers along with Detection engine updates. No action stemming from this advisory is required to be taken by ESET customers," said ESET. Also addressed was a medium-severity ESET Cyber Security and Endpoint Antivirus for macOS vulnerability, tracked as CVE-2024-6654, which could be leveraged to enable a denial-of-service intrusion. ESET emphasized that there has been no evidence suggesting any active exploitation of both vulnerabilities in the wild.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds