Security News > 2023 > September > Trend Micro fixes endpoint protection zero-day used in attacks
Trend Micro fixed a remote code execution zero-day vulnerability in the Trend Micro's Apex One endpoint protection solution that was actively exploited in attacks.
Apex One is an endpoint security solution catering to businesses of all sizes, and the 'Worry-Free Business Security' suite is designed for small to medium-sized companies.
"Trend Micro has observed at least one active attempt of potential attacks against this vulnerability in the wild," reads the security bulletin.
"Exploiting these type of vulnerabilities generally require that an attacker has access to a vulnerable machine," explains Trend Micro.
"If the vulnerability is exploited, an attacker who can log in to the product's administration console may execute arbitrary code with the system privilege on the PC where the security agent is installed," explains JPCERT. An effective workaround is limiting access to the product's administration console to trusted networks, locking out rogue actors who attempt to access the endpoint from external, arbitrary locations.
Adobe warns of critical Acrobat and Reader zero-day exploited in attacks.
News URL
Related news
- Google fixes two Android zero-days used in targeted attacks (source)
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
- Palo Alto Networks warns of critical RCE zero-day exploited in attacks (source)
- Palo Alto Networks patches two firewall zero-days used in attacks (source)
- Apple fixes two zero-days used in attacks on Intel-based Macs (source)
- Apple Patches Two Zero-Day Attack Vectors (source)
- Japan warns of IO-Data zero-day router flaws exploited in attacks (source)
- Fully patched Cleo products under renewed 'zero-day-ish' mass attack (source)
- New Cleo zero-day RCE flaw exploited in data theft attacks (source)
- Cleo patches critical zero-day exploited in data theft attacks (source)