Advisory - Trend Micro Dr Safety

Vulnerability 

Multiple security vulnerabilities were identified in Trend Micro Dr. Safety in-built browser.

Vulnerability Description

Due to multiple address bar spoofing vulnerabilities that were identified in Dr. Safety, the Trend Micro security team decided to remove the in-built browser from the application.

Affected Product

Trend Micro Dr. Safety prior to 3.0.1633 

Disclosure Timeline

1. Apr 3, 2020 - Reported to vendor
2. Apr 8, 2020 - Received acknowledgement from vendor
3. Apr 23, 2020 - Vendor decided to remove in-built browser in Dr. Safety app
4. May 9, 2020 - Vendor released v3.0.1633 which no longer have in-built browser
5. June 12, 2020 - Advisory released from vendor

Perviously Identified Vulnerability 

Same origin policy bypass in Dr. Safety in-built browser was patched in v3.0.1478 - Reference

0 coment�rios:

Post a comment