We recently identified a vulnerability in the digitally signed 
Bitdefender GravityZone installer.

The vulnerability allows an attacker to execute malicious code without 
breaking the original digital signature, and without embedding anything 
malicious into the installer itself.

This means that an appropriately positioned attacker can cause the 
signed installer to run an arbitrary remotely hosted executable.

For more information regarding these issues please visit: 
https://labs.nettitude.com/blog/cve-2018-8955-bitdefender-gravityzone-arbitrary-code-execution/

Cheers,
kyREcon