Release Date: November 25, 2019
CVE Vulnerability Identifier(s): CVE-2019-15629
Platform: Android 9.0 and above
CVSS 3.0 Score(s): 5.5
Severity Rating(s): Medium
SUMMARY
Trend Micro had released a new build of Password Manager for Android that resolves a FLAG_SECURE Misuse vulnerability.
DETAILS
Affected Version(s)
| PRODUCT | AFFECTED VERSION(S) | PLATFORM | LANGUAGE(S) |
|---|---|---|---|
| Password Manager | 5.1/5.0/3.x | Android | English |
Solution
Trend Micro has released the following solutions to address the issue:
| PRODUCT | UPDATED VERSION(S) | PLATFORM | LANGUAGE(S) |
|---|---|---|---|
| Password Manager | 2020 (Version 5.20.1021) | Android | English |
* Version 5.20.1021 is now available on the Android Play Store.
Vulnerability Details
This update resolves the vulnerability found in Trend Micro Password Manager 2019 (Version 5.2) where a FLAG_MISUSE vulnerability could be exploited to allow the application to share information to third-party applications on the device.
Trend Micro has received no reports nor is aware of any actual attacks against the affected products related to these vulnerabilities at this time. However, as with any and all vulnerabilities, customers are highly encouraged to update to the latest build as soon as possible.
Acknowledgement
Trend Micro would like to thank the following individual for responsibly disclosing these issues and working with Trend Micro to help protect our customers:
- Dhiraj Mishra (@RandomDhiraj) - Independent Security Researcher