TrendMicro hole gives attackers the keys to affected PCs

A recent version of TrendMicro Antivirus contained a serious security vulnerability that would let a remote attacker run arbitrary commands on the target system and steal users' passwords. The now-patched flaw was present in the software's password management component and was discovered by security researcher Tavis Ormandy of Google Project Zero.

After installing TrendMicro Antivirus, Ormandy noticed that the software was listening on a few network ports for no apparent reason. After some investigation, he discovered that the password management component ...

Read more...