Cybersecurity firm Trend Micro has posted an update to its security advisory to include a warning that a known vulnerability in its antivirus solutions is now being exploited in the wild.
The vulnerability in question is CVE-2020-24557, which is described as an improper access control issue that allows a local attacker to gain unauthorized access to otherwise restricted functionality. The vulnerability exists due to improper access restrictions within the Apex One Security Agent. A local user can manipulate a particular product folder to temporarily disable security features and gain elevated privileges on the target system.
The flaw affects Trend Micro Apex One, Apex One SaaS, and OfficeScan Corporate Edition.
“Known vulnerabilities in Apex One, Apex One SaaS and OfficeScan agents could elevate privileges, allow an attacker to manipulate certain product folders to temporarily disable security features, or to temporarily disable certain Windows features. It may be abused,” the company wrote in the updated advisory. “We have confirmed attacks that exploit known vulnerabilities in the following products.”
While the advisory doesn’t mention who is behind the attacks or how long they have been going on, a source told The Record that the vulnerability was used by an advanced persistent threat (APT) actor, a term used to describe state-backed hacker groups.