|
[Japanese]
|
JVNDB-2020-008931
|
Trend Micro Antivirus for Mac vulnerable to a privilege escalation
|
|
Antivirus for Mac provided by Trend Micro Incorporated contain a symbolic link privilege escalation vulnerability (CWE-61).
Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Trend Micro Incorporated coordinated under the Information Security Early Warning Partnership.
|
|
CVSS V3 Severity:
Base Metrics 7.8 (High) [Other]
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
|
|
|
Trend Micro, Inc.
- Antivirus for Mac 2019 (v9.x)
- Antivirus for Mac 2020 (v10.x)
|
|
|
An attacker who can access the product could exploit a crafted symbolic link on the system and may remove arbitrary files and folders.
|
|
[Update the software]
Apply the appropriate update according to the information provided by the developer.
* Antivirus for Mac 2019 (v9.x)
The 2019 family (Version 9.x) is no longer supported. The developer recommends users to upgrade to the latest supported version.
* Antivirus for Mac 2020 (v10.x)
The necessary patch (10.0.1803) is already available. Users of version 10.0 or above already have the patch applied through the product's automatic ActiveUpdate feature.
|
|
Trend Micro, Inc.
|
|
- UNIX Symbolic Link (Symlink) Following(CWE-61) [Other]
|
|
- CVE-2020-25776
|
|
- JVN : JVNVU#95014999
- National Vulnerability Database (NVD) : CVE-2020-25776
|
|
- [2020/10/07]
Web page was published
|
