Categories: cyber securityMalwareVulnerability

Trend Micro Antivirus One Let Attacker Inject Malicious Code Into Application

A significant update for Trend Micro’s Antivirus One software has been released.

The update addresses a critical vulnerability that may have enabled attackers to inject malicious code. 

The vulnerability, called custom dynamic library injection vulnerability CVE-2024-34456, may enable an attacker to inject malicious code into the application’s context.

Document

Integrate ANY.RUN in Your Company for Effective Malware Analysis

Are you from SOC, Threat Research, or DFIR departments? If so, you can join an online community of 400,000 independent security researchers:

  • Real-time Detection
  • Interactive Malware Analysis
  • Easy to Learn by New Security Team members
  • Get detailed reports with maximum data
  • Set Up Virtual Machine in Linux & all Windows OS Versions
  • Interact with Malware Safely

If you want to test all these features now with completely free access to the sandbox:

This particular vulnerability poses a significant risk since it has the ability to breach system security and serve as an entry point for other attacks.

Vulnerability Details

Versions 3.10.3 and below of Trend Micro Antivirus One are vulnerable to a custom dynamic library injection vulnerability (dylib).

If the vulnerability is successfully exploited, attackers may typically be able to bypass security measures, introduce more spyware into the device, and launch subsequent network attacks.

Currently, Trend Micro has not been notified of any actual attacks against the impacted products about this issue.

Raffaele Sabato, a security researcher, appropriately reported the problem to Trend Micro.

Affected Version(s)

The vulnerability affected Antivirus One for Mac versions 3.10.3 and lower.

Fix Available

Version 3.10.4 of Trend Micro’s Antivirus One for Mac has been released, fixing this issue.

Therefore, the business strongly recommends that Mac users who are currently using Trend Micro Antivirus One get this update immediately.

Is Your Network Under Attack? - Read CISO’s Guide to Avoiding the Next Breach - Download Free Guide

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Leave a Comment
Share
Published by
Gurubaran
Tags: AntivirusCyber Security NewsTrend MicroVulnerability
10 months ago

Recent Posts

Google Issues Warning on Phishing Campaigns Targeting Higher Education Institutions

Google, in collaboration with its Mandiant Threat Intelligence team, has issued a warning about a…

4 hours ago

TgToxic Android Malware Updated it’s Features to Steal Login Credentials

The TgToxic Android malware, initially discovered in July 2022, has undergone significant updates, enhancing its…

4 hours ago

Hackers Exploiting Cisco Small Business Routers RCE Vulnerability Deploying Webshell

A critical remote code execution (RCE) vulnerability, CVE-2023-20118, affecting Cisco Small Business Routers, has become…

4 hours ago

Malicious npm Package Targets Developers for Supply Chain Attack

The Socket Research Team has uncovered a malicious npm package@ton-wallet/create designed to steal sensitive cryptocurrency…

4 hours ago

New Auto-Color Malware Attacking Linux Devices to Gain Full Remote Access

Researchers at Palo Alto Networks have identified a new Linux malware, dubbed "Auto-Color," that has…

5 hours ago

Lumma Stealer Malware Delivered Through Weaponized Files Disguised as Videos

The Lumma Stealer malware, a sophisticated infostealer, is being actively distributed through malicious files disguised…

5 hours ago