Advisory - Trend Micro Dr Safety ~ inputzero

Vulnerability

Multiple security vulnerabilities were identified in Trend Micro Dr. Safety in-built browser.

Vulnerability Description

Due to multiple address bar spoofing vulnerabilities that were identified in Dr. Safety, the Trend Micro security team decided to remove the in-built browser from the application.

Affected Product

Trend Micro Dr. Safety prior to 3.0.1633

Disclosure Timeline

1. Apr 3, 2020 - Reported to vendor

2. Apr 8, 2020 - Received acknowledgement from vendor

3. Apr 23, 2020 - Vendor decided to remove in-built browser in Dr. Safety app

4. May 9, 2020 - Vendor released v3.0.1633 which no longer have in-built browser

5. June 12, 2020 - Advisory released from vendor

Perviously Identified Vulnerability

Same origin policy bypass in Dr. Safety in-built browser was patched in v3.0.1478 - Reference

inputzero

(!=1337) - Just another security blog by Dhiraj

Advisory - Trend Micro Dr Safety

Vulnerability

Vulnerability Description

Affected Product

Disclosure Timeline

Perviously Identified Vulnerability

0 coment�rios:

Post a Comment