Sunday, May 19, 2024

Trend Micro Antivirus One Let Attacker Inject Malicious Code Into Application

By Guru baran

A significant update for Trend Micro’s Antivirus One software has been released.

The update addresses a critical vulnerability that may have enabled attackers to inject malicious code. 

The vulnerability, called custom dynamic library injection vulnerability CVE-2024-34456, may enable an attacker to inject malicious code into the application’s context.

Document

Integrate ANY.RUN in Your Company for Effective Malware Analysis

Are you from SOC, Threat Research, or DFIR departments? If so, you can join an online community of 400,000 independent security researchers:

  • Real-time Detection
  • Interactive Malware Analysis
  • Easy to Learn by New Security Team members
  • Get detailed reports with maximum data
  • Set Up Virtual Machine in Linux & all Windows OS Versions
  • Interact with Malware Safely

If you want to test all these features now with completely free access to the sandbox:

This particular vulnerability poses a significant risk since it has the ability to breach system security and serve as an entry point for other attacks.

Vulnerability Details

Versions 3.10.3 and below of Trend Micro Antivirus One are vulnerable to a custom dynamic library injection vulnerability (dylib).

If the vulnerability is successfully exploited, attackers may typically be able to bypass security measures, introduce more spyware into the device, and launch subsequent network attacks.

Currently, Trend Micro has not been notified of any actual attacks against the impacted products about this issue.

Raffaele Sabato, a security researcher, appropriately reported the problem to Trend Micro.

Affected Version(s)

The vulnerability affected Antivirus One for Mac versions 3.10.3 and lower.

Fix Available

Version 3.10.4 of Trend Micro’s Antivirus One for Mac has been released, fixing this issue.

Therefore, the business strongly recommends that Mac users who are currently using Trend Micro Antivirus One get this update immediately.

Is Your Network Under Attack? - Read CISO’s Guide to Avoiding the Next Breach - Download Free Guide

Managed WAF Protection

Website

Latest articles

Cyber Security News

Hackers Exploiting Docusign With Phishing Attack To Steal Credentials

Hackers prefer phishing as it exploits human vulnerabilities rather than technical flaws which make...
Cyber Attack

Norway Recommends Replacing SSLVPN/WebVPN to Stop Cyber Attacks

A very important message from the Norwegian National Cyber Security Centre (NCSC) says that...
Cyber Attack

New Linux Backdoor Attacking Linux Users Via Installation Packages

Linux is widely used in numerous servers, cloud infrastructure, and Internet of Things devices,...
Cyber Attack

ViperSoftX Malware Uses Deep Learning Model To Execute Commands

ViperSoftX malware, known for stealing cryptocurrency information, now leverages Tesseract, an open-source OCR engine,...
cyber security

Santander Data Breach: Hackers Accessed Company Database

Santander has confirmed that there was a major data breach that affected its workers...
cyber security

U.S. Govt Announces Rewards up to $5 Million for North Korean IT Workers

The U.S. government has offered a prize of up to $5 million for information...
CVE/vulnerability

Russian APT Hackers Attacking Critical Infrastructure

Russia leverages a mix of state-backed Advanced Persistent Threat (APT) groups and financially motivated...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

Live API Attack Simulation

94% of organizations experience security problems in production APIs, and one in five suffers a data breach. As a result, cyber-attacks on APIs increased from 35% in 2022 to 46% in 2023, and this trend continues to rise.
Key takeaways include:

  • An exploit of OWASP API Top 10 vulnerability
  • A brute force ATO (Account Takeover) attack on API
  • A DDoS attack on an API
  • Positive security model automation to prevent API attacks

    • Book Your Spot

Related Articles

Connect with GBHackers On Security

Join 70,000 Security Professionals

Stay safe online with free daily cybersecurity updates. Sign up now!

GBHackers on security is a highly informative and reliable Cyber Security News platform that provides the latest and most relevant updates on Cyber Security News, Hacking News, Technology advancements, and Kali Linux tutorials on a daily basis. The platform is dedicated to keeping the community well-informed and up-to-date with the constantly evolving Cyber World.

Menu

Contact US:

Email : [email protected]