Categories: cyber securityMalwareVulnerability

Trend Micro Antivirus One Let Attacker Inject Malicious Code Into Application

A significant update for Trend Micro’s Antivirus One software has been released.

The update addresses a critical vulnerability that may have enabled attackers to inject malicious code. 

The vulnerability, called custom dynamic library injection vulnerability CVE-2024-34456, may enable an attacker to inject malicious code into the application’s context.

Document

Integrate ANY.RUN in Your Company for Effective Malware Analysis

Are you from SOC, Threat Research, or DFIR departments? If so, you can join an online community of 400,000 independent security researchers:

  • Real-time Detection
  • Interactive Malware Analysis
  • Easy to Learn by New Security Team members
  • Get detailed reports with maximum data
  • Set Up Virtual Machine in Linux & all Windows OS Versions
  • Interact with Malware Safely

If you want to test all these features now with completely free access to the sandbox:

This particular vulnerability poses a significant risk since it has the ability to breach system security and serve as an entry point for other attacks.

Vulnerability Details

Versions 3.10.3 and below of Trend Micro Antivirus One are vulnerable to a custom dynamic library injection vulnerability (dylib).

If the vulnerability is successfully exploited, attackers may typically be able to bypass security measures, introduce more spyware into the device, and launch subsequent network attacks.

Currently, Trend Micro has not been notified of any actual attacks against the impacted products about this issue.

Raffaele Sabato, a security researcher, appropriately reported the problem to Trend Micro.

Affected Version(s)

The vulnerability affected Antivirus One for Mac versions 3.10.3 and lower.

Fix Available

Version 3.10.4 of Trend Micro’s Antivirus One for Mac has been released, fixing this issue.

Therefore, the business strongly recommends that Mac users who are currently using Trend Micro Antivirus One get this update immediately.

Is Your Network Under Attack? - Read CISO’s Guide to Avoiding the Next Breach - Download Free Guide

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Leave a Comment
Share
Published by
Gurubaran
Tags: AntivirusCyber Security NewsTrend MicroVulnerability
6 months ago

Recent Posts

Critical TP-Link DHCP Vulnerability Let Attackers Execute Arbitrary Code Remotely

A critical security flaw has been uncovered in certain TP-Link routers, potentially allowing malicious actors…

16 hours ago

Chinese SilkSpecter Hackers Attacking Black Friday Shoppers

SilkSpecter, a Chinese financially motivated threat actor, launched a sophisticated phishing campaign targeting e-commerce shoppers…

19 hours ago

Cybercriminals Launch SEO Poisoning Attack to Lure Shoppers to Fake Online Stores

The research revealed how threat actors exploit SEO poisoning to redirect unsuspecting users to malicious…

20 hours ago

Black Basta Ransomware Leveraging Social Engineering For Malware Deployment

Black Basta, a prominent ransomware group, has rapidly gained notoriety since its emergence in 2022…

20 hours ago

Critical Laravel Vulnerability CVE-2024-52301 Allows Unauthorized Access

CVE-2024-52301 is a critical vulnerability identified in Laravel, a widely used PHP framework for building…

21 hours ago

4M+ WordPress Websites to Attacks, Following Plugin Vulnerability

A critical vulnerability has been discovered in the popular "Really Simple Security" WordPress plugin, formerly…

23 hours ago