News

Google researcher discovers leaks in Trend Micro’s password manager

By admin
Spread the love

Tavis Ormandy of Google’s Project Zero team discovered several vulnerabilities in Trend Micro’s password manager that could allow an attacker to access passwords stored there. It was also possible to run arbitrary code.

The vulnerability concerns a remote code execution, which existed in addition to the fact that a total of seventy APIs that give access to the passwords were accessible via the internet. This allowed an attacker to run arbitrary code on a vulnerable device and access all passwords without the user noticing.

Ormandy claims to have fixed the bug ‘in less than thirty seconds’. He goes on to say that “he doesn’t know what to say” about the incident, as the password manager is installed by default with Trend Micro’s antivirus program. The company has since released a patch that solves the problems via the automatic update function, reports The Register.

It’s not the first time Ormandy has discovered critical vulnerabilities in software from other companies, including AVG and ESET. As in the current case, this is often accompanied by colorful statements about the seriousness of the vulnerabilities.

You might also like
News

Google is serious about ending passwords: ‘passkeys’ are becoming the…

News

Rumor: Apple is working on its own applications based on a large language model

News

EU Council determines position on security requirements for digital products

News

Samsung develops first GDDR7 chips, mentions bandwidths of up to 32Gbit/s per pin

News

Logitech acquires stream controller maker Loupedeck

News

Anticheat FaceIT gets Linux version, enables Steam Deck support