Android
Mac & iOS
Network Security
Data & Privacy
Anti Scam and Spam
Browser Protection
One fine body…
Release Date: January 16, 2020
CVE Vulnerability Identifier: CVE-2019-15625
JVN Identifier (JPCERT): 49593434
Platform: Windows, macOS
CVSS 3.0 Score: 5.5
Severity Rating: Medium
Trend Micro has released updated versions of Trend Micro Password Manager for Windows and macOS which resolve a memory usage vulnerability that if exploited, could allow an attacker try and extract information from a vulnerable system.
Product | Affected Versions | Platform | Language(s) |
---|---|---|---|
Password Manager | 3.8.0.1103 and below | Microsoft Windows | English, Japanese |
3.8.0.1052 and below | macOS | English, Japanese |
Product | Updated Build | Platform | Language(s) |
---|---|---|---|
Password Manager | 5.0.1058 | Microsoft Windows | English, Japanese |
5.0.1037 | macOS | English, Japanese |
Trend Micro has addressed these vulnerabilities via a patch that is available now through the product’s automatic ActiveUpdate feature for all versions of Trend Micro Password Manager listed above. Customers who have updated to the latest version of Password Manager (5.x) listed above are protected.
This patch includes mitigations for the following vulnerability:
Trend Micro has received no reports nor is aware of any actual attacks against the affected products related to this vulnerability at this time.
Exploiting these types of vulnerabilities require that an attacker has access (physical or remote) to a vulnerable machine.
Even though an exploit may require several specific conditions to be met, Trend Micro strongly encourages customers to upgrade to the latest build as soon as possible.
Trend Micro would like to thank the following individuals and/or organizations for responsibly disclosing these issues and working with Trend Micro to help protect our customers:
Customers who have questions are encouraged to contact Trend Micro Technical Support for further assistance.