20 September 2023

Trend Micro patches Apex One zero-day exploited in hacker attacks


Trend Micro patches Apex One zero-day exploited in hacker attacks

Trend Micro released emergency security updates to address a zero-day vulnerability in its Apex One endpoint protection solution actively exploited in the wild.

Tracked as CVE-2023-41179, the flaw is a command injection issue within the third-party AV uninstaller module shipped with the software. By exploiting this bug a local user can execute arbitrary commands with elevated privileges.

The affected software solutions include:

  • Trend Micro Apex One 2019

  • Trend Micro Apex One SaaS 2019

  • Worry-Free Business Security (WFBS) 10.0 SP1

  • Worry-Free Business Security Services (WFBSS) 10.0 SP1

The vendor didn’t provide additional details regarding the nature of exploitation, only noting that it “has observed at least one active attempt of potential exploitation of this vulnerability in the wild.”

Users are strongly recommended to update to the latest builds as soon as possible.

Back to the list

Latest Posts

Critical Aviatrix Controller flaw exploited to install backdoors and cryptominers

Critical Aviatrix Controller flaw exploited to install backdoors and cryptominers

The vulnerability allows attackers to escalate privileges and gain full control of cloud resources.
13 January 2025
Over 4K active hacker backdoors found in expiring or abandoned domains

Over 4K active hacker backdoors found in expiring or abandoned domains

Several of the web shells had been backdoored by their original maintainers, leaking critical information.
13 January 2025
Microsoft takes legal action against hackers exploiting AI for malicious purposes

Microsoft takes legal action against hackers exploiting AI for malicious purposes

The group accessed generative AI services and manipulated the system to produce harmful content.
13 January 2025