Trend Micro Patches Multiple Vulnerability - 20240510005

Overview

Trend Micro, has released an important update for its Antivirus One software, targeting a critical vulnerability that could have allowed attackers to inject malicious code. The vulnerability specifically affects the Macintosh platform.

They have also issued a security update to its Maximum Security software for Windows users, addressing a significant local privilege escalation vulnerability.

What is vulnerable?

CVE	Severity	CVSS	Product(s) Affected
CVE-2024-34456	N/A	Not yet rated	Antivirus One for Mac up to version 3.10.3
CVE-2024-32849	High	7.8	Trend Micro Security 17.7 (Consumer) for Windows, prior to 17.7.1979

What has been observed?

There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of one month... (refer Patch Management):

• TREND - SECURITY BULLETIN: Code Injection in Trend Micro Antivirus One

Additional References

• CVE-2024-32849: Trend Micro Maximum Security Privilege Escalation Vulnerability
• CVE-2024-34456: Trend Micro Patches Code Injection Vulnerability in Antivirus One