An issue was discovered in ClamXAV 3 before 3.1.1. A malicious actor could use a properly signed copy of ClamXAV 2 (running with an injected malicious dylib) to communicate with ClamXAV 3’s helper tool and perform privileged operations. This occurs because of inadequate client verification in the helper tool.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26893
Reference (s):
- https://gist.github.com/matt-clamxav/d341bd48f12a14d2147f8ce860bb36d0