ESET Patches Privilege Escalation Vulnerabilities in Windows, macOS Products

ESET has released patches for two local privilege escalation vulnerabilities in security products for Windows and macOS.

ESET on Friday announced patches for two local privilege escalation vulnerabilities affecting multiple Windows and macOS products.

The Windows products, the company warns in an advisory, were found vulnerable to CVE-2024-7400, a high-severity bug in the handling of file operations during the removal of a detected file.

An attacker with low privileges on a system running an affected ESET product could exploit the flaw to delete arbitrary files and escalate privileges.

“ESET fixed the issue in the Cleaner module 1251, which was distributed automatically to ESET customers along with Detection engine updates. No action stemming from this advisory is required to be taken by ESET customers,” the company says.

ESET notes that the security defect impacts multiple end-user and enterprise products, including antivirus, internet security, and server security solutions.

The patched Cleaner module was released to all users on August 13. Those who do not regularly update their ESET products are advised to apply the fixes as soon as possible.

The cybersecurity firm credited Dmitriy Zuzlov of Positive Technologies for discovering and reporting the vulnerability.

“To the best of our knowledge, there are no existing exploits that take advantage of this vulnerability in the wild,” ESET notes.

On Friday, the company also announced patches for CVE-2024-6654, a medium-severity bug affecting ESET Cyber Security versions 7.0 to 7.4.1600.0 and Endpoint Antivirus for macOS (now Endpoint Security for macOS) versions 7.0 to 7.5.50.0.

The flaw, ESET says, could have allowed a low-privileged user to plant a symlink to a specific location, thus preventing the company’s security tools from running properly.

The issue “enables a user logged on to the system to perform a denial-of-service attack, which could be misused to disable the protection of the ESET security product and cause general system slow-down”, the company says.

ESET addressed the vulnerability in Cyber Security version 7.5.74.0 and Endpoint Security for macOS version 8.0.7200.0 and notes that it is not aware of any in-the-wild exploitation attempts.

“Note that as of version 8 there is a single product for ESET’s business customers on the macOS platform, named ESET Endpoint Security for macOS,” ESET points out.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
