First published: Thu Apr 22 2021(Updated: )
This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Antivirus for Mac. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within com.trendmicro.AFM.HelperTool. The issue results from improper access control. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root.
Credit: security@trendmicro.com
Affected Software | Affected Version | How to fix |
---|---|---|
Trendmicro Antivirus | >=10.5<10.5.2088 | |
Trendmicro Antivirus | >=11.0<11.0.2062 | |
Trend Micro Antivirus for Mac |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-28648 is a vulnerability in Trend Micro Antivirus for Mac that allows local attackers to escalate privileges on affected installations.
The vulnerability occurs due to an improper access control issue within com.trendmicro.antivirus allowing the execution of low-privileged code.
The severity of CVE-2021-28648 is high, with a CVSS score of 7.8.
Trend Micro Antivirus for Mac versions 10.5.2088 to 11.0.2062 are affected by CVE-2021-28648.
To fix the vulnerability, it is recommended to update Trend Micro Antivirus for Mac to a version that is not affected by CVE-2021-28648.