CVE-2018-15366
Description
A UrlfWTPPagePtr KERedirect Use-After-Free Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Use-after-free vulnerability in Trend Micro Antivirus for Mac's KERedirect kext allows local attackers to escalate privileges to kernel level.
Vulnerability
A use-after-free vulnerability exists in the KERedirect kernel extension (kext) of Trend Micro Antivirus for Mac (Consumer) version 7.0 and above. The bug is in the handling of the UrlfWTPPagePtr variable, where the code fails to validate the existence of an object before performing operations on it [1].
Exploitation
An attacker must first gain the ability to execute low-privileged code on the target system. Then, by exploiting the use-after-free condition, the attacker can achieve arbitrary code execution in the context of the kernel [1].
Impact
Successful exploitation allows the attacker to escalate privileges from a low-privileged process to kernel level, resulting in full compromise of the system's confidentiality, integrity, and availability [1].
Mitigation
Trend Micro has released a security update to address this vulnerability. Users should update to the latest version of Trend Micro Antivirus for Mac (Consumer) as soon as possible [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2>=7.0+ 1 more
- (no CPE)range: >=7.0
- (no CPE)range: 7.0 (2017) and above
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- www.securityfocus.com/bid/105757mitrevdb-entryx_refsource_BID
- esupport.trendmicro.com/en-US/home/pages/technical-support/1121296.aspxmitrex_refsource_CONFIRM
- esupport.trendmicro.com/solution/ja-jp/1121350.aspxmitrex_refsource_CONFIRM
- www.zerodayinitiative.com/advisories/ZDI-18-1293/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.