Bulletin Date: June 11, 2020
CVSSv3 Scores: 2.6 (Low)
Trend Micro has released an updated version of Trend Micro Dr. Safety for Android that resolves an address bar eliding vulnerability.
|Dr. Safety for Android||Versions below 3.0.1633||Android||English|
|Dr. Safety for Android||3.0.1633||Android||English|
Trend Micro has addressed the potential security issue by removing the built-in browser functionality of the app starting with build 3.0.1633 available on Google Play.
The updated version of Trend Micro Dr. Safety listed above has removed the built-in browser functionality of the app, which contained a address bar eliding vulnerability that could allow an attacker to cause the browser to display an incorrect URL. The built-in browser functionality may be re-added in a future version.
Trend Micro has received no reports nor is aware of any actual attacks against the affected product related to this vulnerability at this time.
Trend Micro would like to thank the following individual for responsibly disclosing the issue and working with Trend Micro to help protect our customers:
- Dhiraj Mishra (@RandomDhiraj)