Security Bulletin: Trend Micro Password Manager 2019 (Android) FLAG_SECURE Misuse

You’re offline. This is a read only version of the page.

🔍 Discover the added advantages of Trend Micro Premium Services and see how they can enhance your Trend Micro experience and protection. Explore your options here.

Views:

Release Date: November 25, 2019

CVE Vulnerability Identifier(s): CVE-2019-15629

Platform: Android 9.0 and above

CVSS 3.0 Score(s): 5.5

Severity Rating(s): Medium

SUMMARY

Trend Micro had released a new build of Password Manager for Android that resolves a FLAG_SECURE Misuse vulnerability.

DETAILS

Affected Version(s)

PRODUCT	AFFECTED VERSION(S)	PLATFORM	LANGUAGE(S)
Password Manager	5.1/5.0/3.x	Android	English

Solution

Trend Micro has released the following solutions to address the issue:

PRODUCT	UPDATED VERSION(S)	PLATFORM	LANGUAGE(S)
Password Manager	2020 (Version 5.20.1021)	Android	English

* Version 5.20.1021 is now available on the Android Play Store.

Vulnerability Details

This update resolves the vulnerability found in Trend Micro Password Manager 2019 (Version 5.2) where a FLAG_MISUSE vulnerability could be exploited to allow the application to share information to third-party applications on the device.

Trend Micro has received no reports nor is aware of any actual attacks against the affected products related to these vulnerabilities at this time. However, as with any and all vulnerabilities, customers are highly encouraged to update to the latest build as soon as possible.

Acknowledgement

Trend Micro would like to thank the following individual for responsibly disclosing these issues and working with Trend Micro to help protect our customers:

Dhiraj Mishra (@RandomDhiraj) - Independent Security Researcher

Keywords: FLAG_SECURE Misuse

Comments (0)

This website uses cookies for website functionality and traffic analytics. Our Cookie Notice provides more information and explains how to amend your cookie settings.

LAST UPDATED: NOV 25, 2019

Release Date: November 25, 2019

CVE Vulnerability Identifier(s): CVE-2019-15629

Platform: Android 9.0 and above

CVSS 3.0 Score(s): 5.5

Severity Rating(s): Medium

SUMMARY

Trend Micro had released a new build of Password Manager for Android that resolves a FLAG_SECURE Misuse vulnerability.

DETAILS

Affected Version(s)

PRODUCT	AFFECTED VERSION(S)	PLATFORM	LANGUAGE(S)
Password Manager	5.1/5.0/3.x	Android	English

Solution

Trend Micro has released the following solutions to address the issue:

PRODUCT	UPDATED VERSION(S)	PLATFORM	LANGUAGE(S)
Password Manager	2020 (Version 5.20.1021)	Android	English

* Version 5.20.1021 is now available on the Android Play Store.

Vulnerability Details

Acknowledgement

Trend Micro would like to thank the following individual for responsibly disclosing these issues and working with Trend Micro to help protect our customers:

Dhiraj Mishra (@RandomDhiraj) - Independent Security Researcher

How helpful was this article?

It was very unhelpful.
It wasn't helpful at all.
It was not helpful.
Somewhat helpful.
Just okay.
Just okay.
It was helpful.
It was somewhat helpful.
It was very helpful.
It was helpful.

Thank you for your feedback!

Feedback entity isn't available at the moment. Try again later.

🌟 Get Uninterrupted Support When You Need It Most 🌟

Security Bulletin: Trend Micro Password Manager 2019 (Android) FLAG_SECURE Misuse

SUMMARY

DETAILS

Affected Version(s)

Solution

Vulnerability Details

Acknowledgement

Modal header

SUMMARY

DETAILS

Affected Version(s)

Solution

Vulnerability Details

Acknowledgement