"ESET Patches Privilege Escalation Vulnerabilities in Windows, macOS Products"

ESET recently announced patches for two local privilege escalation vulnerabilities affecting multiple Windows and macOS products.

The Windows products were found vulnerable to CVE-2024-7400, a high-severity bug in how file operations are handled during the removal of a detected file. ESET noted that an attacker with low privileges on a system running an affected ESET product could exploit the flaw to delete arbitrary files and escalate privileges. The security defect impacts multiple end-user and enterprise products, including antivirus, internet security, and server security solutions. ESET fixed the issue in the Cleaner module 1251, which was distributed automatically to ESET customers along with Detection engine updates. The patched Cleaner module was released to all users on August 13. Those not regularly updating their ESET products are advised to apply the fixes as soon as possible.

ESET also announced patches for CVE-2024-6654, a medium-severity bug affecting ESET Cyber Security versions 7.0 to 7.4.1600.0 and Endpoint Antivirus for macOS (now Endpoint Security for macOS) versions 7.0 to 7.5.50.0. According to ESET, the flaw could have allowed a low-privileged user to plant a symlink in a specific location, thus preventing the company's security tools from running properly. ESET addressed the vulnerability in Cyber Security version 7.5.74.0 and Endpoint Security for macOS version 8.0.7200.0 and noted that it is unaware of any in-the-wild exploitation attempts.

SecurityWeek reports: "ESET Patches Privilege Escalation Vulnerabilities in Windows, macOS Products"

Submitted by Adam Ekwall on