A significant update for Trend Micro’s Antivirus One software has been released.
The update addresses a critical vulnerability that may have enabled attackers to inject malicious code.
The vulnerability, called custom dynamic library injection vulnerability CVE-2024-34456, may enable an attacker to inject malicious code into the application’s context.
Are you from SOC, Threat Research, or DFIR departments? If so, you can join an online community of 400,000 independent security researchers:
If you want to test all these features now with completely free access to the sandbox:
This particular vulnerability poses a significant risk since it has the ability to breach system security and serve as an entry point for other attacks.
Versions 3.10.3 and below of Trend Micro Antivirus One are vulnerable to a custom dynamic library injection vulnerability (dylib).
If the vulnerability is successfully exploited, attackers may typically be able to bypass security measures, introduce more spyware into the device, and launch subsequent network attacks.
Currently, Trend Micro has not been notified of any actual attacks against the impacted products about this issue.
Raffaele Sabato, a security researcher, appropriately reported the problem to Trend Micro.
The vulnerability affected Antivirus One for Mac versions 3.10.3 and lower.
Version 3.10.4 of Trend Micro’s Antivirus One for Mac has been released, fixing this issue.
Therefore, the business strongly recommends that Mac users who are currently using Trend Micro Antivirus One get this update immediately.
Is Your Network Under Attack? - Read CISO’s Guide to Avoiding the Next Breach - Download Free Guide
In the big data era, pre-training large vision transformer (ViT) models on massive datasets has become prevalent for enhanced performance…
A critical remote code execution vulnerability has been discovered in the git clone which was assigned with CVE-2024-32002 and the…
In a recent encounter, the Akira ransomware group exploited a novel privilege escalation technique, where the attackers infiltrated the victim's…
The U.S. Securities and Exchange Commission (SEC) has made changes to Regulation S-P that require financial companies to report data…
Two Chinese people have been arrested on suspicion of being involved in a complex cryptocurrency trading scam that stole more…
A proof-of-concept (PoC) exploit for a critical zero-day vulnerability (CVE-2024-4947) in Google Chrome has been made public. The potential for…