2020-10-16 12:53:54
mitre
PUBLISHED
An issue was discovered in ClamXAV 3 before 3.1.1. A malicious actor could use a properly signed copy of ClamXAV 2 (running with an injected malicious dylib) to communicate with ClamXAV 3s helper tool and perform privileged operations. This occurs because of inadequate client verification in the helper tool.