VYPR
Unrated severity · NVD Advisory · Published Oct 29, 2020 · Updated Aug 4, 2024

CVE-2020-27014

Description

Trend Micro Antivirus for Mac 2020 (Consumer) contains a race condition vulnerability in the Web Threat Protection Blocklist component that, if exploited, could allow an attacker to cause a kernel panic or crash.

An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Race condition in Trend Micro Antivirus for Mac 2020 allows local attackers to cause a kernel panic or crash, requiring high-privileged code execution first.

Vulnerability

The vulnerability is a race condition in the Web Threat Protection Blocklist component of Trend Micro Antivirus for Mac 2020. Specifically, it resides in the KERedirect kext, which lacks proper locking when performing operations on an object [1]. Affected versions: Antivirus for Mac 2020 (v10.x) and below [2].

Exploitation

An attacker must first obtain the ability to execute high-privileged code on the target system [2]. Then, the attacker can trigger a time-of-check time-of-use (TOCTOU) race condition to exploit the lack of proper locking in the kext [1]. This requires precise timing to win the race.

Impact

Successful exploitation can cause a kernel panic or crash, leading to denial of service. Additionally, because the flaw sits in kernel-level code, an attacker could potentially escalate privileges and execute code in the kernel context [1]. CVSS score 8.2 (high) with vector AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H [1].

Mitigation

Trend Micro released patches via ActiveUpdate for versions 2020 v10.5 and v10.0 [2]. Customers with at least v10.0 should already have the fix. Users on v9.0 or below should upgrade to the latest version (2021 v11) [2]. No workaround is provided.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
