Release Date: May 06, 2024
Trend Micro Vulnerability Identifier: CVE-2024-34456
Platform(s): Mac OS
Summary
Trend Micro has released a new version of Trend Micro Antivirus One. This update addresses a vulnerability that previously allowed to inject a custom dynamic library (dylib) into the Antivirus One application, allowing the execution of malicious code within the application's context..
Affected version(s)
| PRODUCT | AFFECTED VERSION(S) | PLATFORM | LANGUAGE(S) |
|---|---|---|---|
| Antivirus One | Version 3.10.3 and below | Macintosh | English |
Solution
| PRODUCT | UPDATED VERSION(S) | PLATFORM | LANGUAGE(S) |
|---|---|---|---|
| Antivirus One | Version 3.10.4 | Macintosh | English |
Vulnerability Details
Trend Micro Antivirus One, version 3.10.3 and below is vulnerable to a custom dynamic library injection, which could allow an attacker to potentially insert malicious code into the application’s context.
Trend Micro has received no reports nor is aware of any actual attacks against the affected products related to this vulnerability at this time.
Mitigating Factors
None identified. Customers are advised to ensure they always have the latest version of the program.
Acknowledgement
Trend Micro would like to thank Raffaele Sabato for responsibly disclosing this issue and working with Trend Micro to help protect our customers.
Additional Assistance
Customers who have questions are encouraged to contact Trend Micro Technical Support for further assistance.