Bulletin Date: June 11, 2020
Platform: Android
CVSSv3 Scores: 2.6 (Low)
Summary
Trend Micro has released an updated version of Trend Micro Dr. Safety for Android that resolves an address bar eliding vulnerability.
Affected versions
| Product | Affected Versions | Platform | Language(s) |
|---|---|---|---|
| Dr. Safety for Android | Versions below 3.0.1633 | Android | English |
Solution
| Product | Updated Build | Platform | Language(s) |
|---|---|---|---|
| Dr. Safety for Android | 3.0.1633 | Android | English |
Trend Micro has addressed the potential security issue by removing the built-in browser functionality of the app starting with build 3.0.1633 available on Google Play.
Vulnerability Details
The updated version of Trend Micro Dr. Safety listed above has removed the built-in browser functionality of the app, which contained a address bar eliding vulnerability that could allow an attacker to cause the browser to display an incorrect URL. The built-in browser functionality may be re-added in a future version.
Trend Micro has received no reports nor is aware of any actual attacks against the affected product related to this vulnerability at this time.
Acknowledgement
Trend Micro would like to thank the following individual for responsibly disclosing the issue and working with Trend Micro to help protect our customers:
- Dhiraj Mishra (@RandomDhiraj)
