VYPR
Unrated severity · NVD Advisory · Published Oct 14, 2020 · Updated Aug 4, 2024

CVE-2020-27013

Description

Trend Micro Antivirus for Mac 2020 (Consumer) contains a vulnerability that occurs when the product starts a webserver implementing an API with several properties that can be read and written to, allowing an attacker to gather and modify sensitive product and user data. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Trend Micro Antivirus for Mac 2020 exposes an improperly access-controlled API on localhost, allowing low-privileged attackers to read and write sensitive product and user data.

Vulnerability

CVE-2020-27013 affects Trend Micro Antivirus for Mac 2020 (Consumer), versions 10.x and below [2]. The product starts a webserver that implements an API with several properties that can be read and written to, allowing the attacker to gather and modify sensitive product and user data [1][2]. The specific flaw exists within the iCoreService endpoint, which listens on local TCP port 37848 by default [1]. The issue results from improper access control [1].

Exploitation

An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability [1][2]. No user interaction beyond that initial code execution is required [1]. The attacker can then communicate with the iCoreService endpoint over localhost to read and write sensitive data [1].

Impact

By leveraging this vulnerability, an attacker can disclose sensitive information in the context of root [1] and modify sensitive product and user data [2]. The CVSS v3.1 score is 4.4 (Medium) with a vector of AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N, meaning the impact is limited to low-level confidentiality and integrity compromise with no impact on availability [1].

Mitigation

Trend Micro addressed this vulnerability via ActiveUpdate patches for the 2020 family of products, providing build 10.5.1623 for version 10.5 and build 10.0.1803 for version 10.0 [2]. Customers with version 10.0 or later receive the patch automatically [2]. Users on version 9.0 and below are advised to install the latest version (v11) to address the issue [2]. No workarounds are documented in the available references [1][2].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
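The fixed builds and default port stated above can be turned into a host triage check. The following is an added example, not code from Trend Micro or from the cited references; the function names are hypothetical and the `major.minor.build` version-string format is an assumption (the page does not say where the product records its build).

```python
import socket

ICORE_PORT = 37848                             # default iCoreService port (from the advisory)
FIXED_BUILDS = {(10, 5): 1623, (10, 0): 1803}  # patched builds (from the advisory)


def classify_build(version: str) -> str:
    """Classify a 'major.minor.build' string (this format is an assumption)."""
    try:
        major, minor, build = (int(p) for p in version.strip().split("."))
    except ValueError:
        return "unparseable"
    if major >= 11:
        return "not-affected"      # v11 is the upgrade the advisory recommends
    if major <= 9:
        return "upgrade-to-v11"    # 9.0 and below: no ActiveUpdate fix is listed
    fixed = FIXED_BUILDS.get((major, minor))
    if fixed is None:
        return "unknown-branch"    # a 10.x branch the advisory does not mention
    return "patched" if build >= fixed else "needs-activeupdate"


def listener_present(port: int = ICORE_PORT, timeout: float = 0.5) -> bool:
    """True if something accepts TCP connections on 127.0.0.1:port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex(("127.0.0.1", port)) == 0


def triage(version: str, port: int = ICORE_PORT) -> dict:
    """Combine both checks for one host.

    An open port only shows that a service is bound to it; the build
    number decides whether the host still needs the fix.
    """
    status = classify_build(version)
    return {
        "version": version,
        "status": status,
        "listening": listener_present(port),
        "action_required": status not in ("patched", "not-affected"),
    }


if __name__ == "__main__":
    # Constructed sample version strings, not taken from real hosts.
    for v in ("10.5.1600", "10.5.1623", "10.0.1803", "9.0.1000", "11.0.2000"):
        print(triage(v))
```

Feed `triage()` the build string collected by your inventory tooling; hosts reported as `unknown-branch` or `unparseable` need manual review because the page gives no fixed build for them.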
