Mon Sep 23 17:43:59 UTC 2024: ## ESET Patches Two Critical Flaws in Its Products
**Bratislava, Slovakia – September 24, 2024** – Cybersecurity firm ESET has addressed two critical vulnerabilities in its products. These flaws could have allowed attackers to perform privilege escalation and denial-of-service attacks.
The first vulnerability, tracked as **CVE-2024-7400**, impacts ESET’s file operations during the removal of detected files. This could have enabled attackers to delete arbitrary files without proper permissions, potentially leading to privilege escalation. The vulnerability affects Windows operating systems and has been addressed with a fix in the Cleaner module 1251.
The second vulnerability, tracked as **CVE-2024-6654**, impacts ESET’s macOS products. This flaw could allow a logged user to perform a denial-of-service attack by planting a symlink to a specific location, preventing ESET security products from starting properly. The company has released Cyber Security version 7.5.74.0 and Endpoint Security for macOS version 8.0.7200.0 to address this issue.
ESET has confirmed that it is not aware of any public exploits for either vulnerability. However, the company recommends that all users update their ESET products to the latest versions to mitigate potential risks.
**ESET users are encouraged to:**
* Download the latest installers from ESET’s website or repository for new installations.
* Ensure that their ESET products are regularly updated.
This latest development highlights the ongoing need for vigilance against cyber threats and the importance of keeping software updated to the latest versions.
First Piper 