CVE-2024-9484

Summary

CVE-2024-9484 identifies a null-pointer dereference vulnerability in the engine module of AVG/Avast Antivirus, affecting versions with signature <24092400 released on September 24, 2024, for macOS. This vulnerability allows a malformed xar file to crash the application during file processing, posing a medium severity risk to organizations as it can lead to application unavailability. The exploitability score is rated at 1.4, indicating a relatively low likelihood of successful exploitation requiring local access with no user interaction. Remediation measures should include updating the antivirus software to a version that addresses this issue as well as implementing security best practices for handling potentially malicious files. Failure to address this vulnerability may result in operational disruptions and impact system availability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.