Kaspersky and Trend Micro get patch bonanza after ID flaw and password manager holes spotted

Kaspersky and Trend Micro have released updates to address vulnerabilities in their respective security tools.

Updates come immediately after the monthly security patch dumps from Microsoft, Adobe, Apple and SAP, giving administrators one more update to test and install on user systems.

Kaspersky's solution addresses a privacy hole discovered and reported to the company by the German technology magazine C & # 39; t.

Journalist Ronald Eikenberg discovered that Kaspersky antivirus software was injecting JavaScript into websites (behavior used to search for malware) and include a unique identifier with that code. The code and identifier were also visible to the website operator.

"In other words, any website can read the user's Kaspersky ID and use it for tracking," Eikenberg explained. "If the same universally unique identifier returns, or appears on another website of the same operator, they can see that the same computer is being used."

Kaspersky, meanwhile, minimized the risk posed by the behavior but did so. acknowledges that he had been in contact with Eikenberg and had agreed to stop including unique identifiers as part of his web antivirus tool

"Kaspersky has changed the process of verifying web pages to detect malicious activities by eliminating the use of unique identifiers for requests GET, "a spokesman said in a statement to The Register .

"This change was made after Ronald Eikenberg informed us that the use of unique identifiers for GET requests may lead to the disclosure of a user's personal information."

"After our internal investigation, we have concluded that such user privacy commitment scenarios are theoretically possible but are unlikely to be carried out in practice, due to their Oplexity and low profitability for cybercriminals. However, we are constantly working to improve our technologies and products, which results in a change in this process. "

  patch

Intel: Listen, NUC morons! Mini PCs and computing devices have just received an important security solution.

READ MORE

For Trend Micro, the update will address a couple of DLL hijacking vulnerabilities in Password Manager 5.0 on Windows. The password tool is included in the Premium Security 2019 and Maximum Security 2019 suites.

Peleg Hadar of SafeBreach Labs and Trần Văn Khang of Infiniti Team obtained the credit for reporting CVE-2019-14684 and CVE-2019-14687 and found two separate errors that would allow an attacker to trick the Trend Micro password tool to execute code from unsigned DLL files. [19659002] While such a scenario would mean a complete take of the target machine, keep in mind that to exploit it, an attacker would not only have to know that the target was running the vulnerable Trend password manager, but also have the ability to Place malicious DLLs on PC.

Even so, those running Trend Password Manager 5.0 (also known as 2019) should upgrade to version 5.0.0.1058 or later. ®

Sponsored:
Balancing consumerization and corporate control

For More Updates Check out Blog, Windows Softwares Drivers, Antivirus, Ms Office, Graphic Design Don’t Forget to Look Our Facebook Page Get Into Pc like us & follow on Twitter- @getinpc

Updated: August 15, 2019 — 11:44 pm