CVE-2020-25777

Vulnerability

Trend Micro Antivirus for Mac 2020 (v10.x) and 2019 (v9.x) are vulnerable to a specific kernel extension request attack that bypasses the Web Threat Protection feature. The flaw resides in the KERedirect kernel extension module, where improper filtering of HTTP requests allows an attacker to circumvent the product's web filtering and threat blocking. User interaction is required; the target must visit a malicious page or open a malicious file [1][2].

Exploitation

To exploit this vulnerability, an attacker must craft a malicious webpage or file that, when visited or opened by a user running an affected version of Trend Micro Antivirus for Mac, triggers the bypass in the KERedirect kernel extension. The attacker does not need any special network position or authentication, as the attack is delivered remotely via a user-initiated action [1][2].

Impact

Successful exploitation allows an attacker to bypass the Web Threat Protection feature of Trend Micro Antivirus for Mac, resulting in a protection bypass that exposes the system to web-based threats that the software would normally block. The CVSS score is 5.4 (Medium), with a confidentiality and integrity impact of Low [1][2].

Mitigation

Trend Micro addressed this vulnerability in the 2020 family of products (v10.x) via an automatic ActiveUpdate patch. Customers who have at least version 10.0 will already have the necessary update. Users of version 9.x and below should upgrade to the latest version to receive the fix. No workarounds are listed, and Trend Micro is not aware of any active exploitation as of the advisory date [2].