Vulnerability
Multiple security vulnerabilities were identified in Trend Micro Dr. Safety in-built browser.Vulnerability Description
Due to multiple address bar spoofing vulnerabilities that were identified in Dr. Safety, the Trend Micro security team decided to remove the in-built browser from the application.
Affected Product
Trend Micro Dr. Safety prior to 3.0.1633
Disclosure Timeline
1. Apr 3, 2020 - Reported to vendor
2. Apr 8, 2020 - Received acknowledgement from vendor
3. Apr 23, 2020 - Vendor decided to remove in-built browser in Dr. Safety app
4. May 9, 2020 - Vendor released v3.0.1633 which no longer have in-built browser
5. June 12, 2020 - Advisory released from vendor
Perviously Identified Vulnerability
Same origin policy bypass in Dr. Safety in-built browser was patched in v3.0.1478 - Reference
0 coment�rios:
Post a Comment