Multiple vulnerabilities in Trend Micro Antivirus for Mac

1) Information disclosure

EUVDB-ID: #VU47935

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-27015

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to the error message that includes sensitive information within the KERedirect kext. A local administrator can gain unauthorized access to sensitive information on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Antivirus for Mac: 2020 (v10.x) - 2020 (v10.x)

CPE2.3

• cpe:2.3:a:trend_micro:antivirus_for_mac:*:*:*:*:*:*:*:*

External links

http://www.zerodayinitiative.com/advisories/ZDI-20-1286/
http://helpcenter.trendmicro.com/en-us/article/TMKA-09975

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Time-of-check Time-of-use (TOCTOU) Race Condition

EUVDB-ID: #VU47936

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-27014

CWE-ID: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to the lack of proper locking when performing operations on an object within the KERedirect kext. A local administrator can escalate privileges and execute arbitrary code in the context of the kernel.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Antivirus for Mac: 2020 (v10.x) - 2020 (v10.x)

CPE2.3

• cpe:2.3:a:trend_micro:antivirus_for_mac:*:*:*:*:*:*:*:*

External links

http://www.zerodayinitiative.com/advisories/ZDI-20-1285/
http://helpcenter.trendmicro.com/en-us/article/TMKA-09974

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?