Release Date: December 1, 2024
Trend Micro Vulnerability Identifier: CVE-2024-53647
Platform(s): Android and iOS
Summary
Trend Micro has released an update to Trend Micro ID Security, a family of consumer products for Android and iOS mobile devices. This update addresses a vulnerability wherein users can request multiple email verifications without restriction leading to a denial-of-service attack.
Affected version(s)
| PRODUCT | AFFECTED VERSION(S) | PLATFORM | LANGUAGE(S) |
|---|---|---|---|
| Trend Micro ID Security | Version 3.0 and below | Android and iOS | English |
Solution
Trend Micro has released a backend system improvement to resolve this issue, new version release is not needed for the fix implementation.
Vulnerability Details
Trend Micro ID Security, version 3.0 and below contains a vulnerability that could allow an attacker to send an unlimited number of email verification requests without any restriction, potentially leading to abuse or denial of service.
Trend Micro has received no reports nor is aware of any actual attacks against the affected products related to this vulnerability at this time.
Mitigating Factors
None identified. Customers are advised to ensure they always have the latest version of the program.
Acknowledgement
Trend Micro would like to thank Nisha Thakur for responsibly disclosing this issue and working with Trend Micro to help protect our customers.
