SecurityWeek reports that ESET has released updates for a pair of local privilege escalation flaws in its offerings for Windows and macOS.
The more significant of the two is a high-severity issue in how file operations are managed during the removal of detected files in ESET's Windows antivirus, server security, and internet security products. Tracked as CVE-2024-7400, it could be exploited to facilitate arbitrary file deletion and privilege escalation, according to ESET. "ESET fixed the issue in the Cleaner module 1251, which was distributed automatically to ESET customers along with Detection engine updates. No action stemming from this advisory is required to be taken by ESET customers," said ESET. Also addressed was a medium-severity vulnerability in ESET Cyber Security and Endpoint Antivirus for macOS, tracked as CVE-2024-6654, which could be leveraged to cause a denial-of-service condition. ESET emphasized that there has been no evidence suggesting active exploitation of either vulnerability in the wild.