CVE-2020-27015
Description
Trend Micro Antivirus for Mac 2020 (Consumer) contains an Error Message Information Disclosure vulnerability that if exploited, could allow kernel pointers and debug messages to leak to userland. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Trend Micro Antivirus for Mac 2020 leaks kernel pointers and debug messages through error messages, requiring high-privileged code execution.
Vulnerability
The vulnerability exists in the KERedirect kernel extension (kext) of Trend Micro Antivirus for Mac 2020 (Consumer) versions 10.x and below [1][2]. An error message generated by the kext includes sensitive information such as kernel pointers and debug messages, which can be exposed to userland processes [1]. The affected product family includes Antivirus for Mac 2020 (v10.x) and earlier versions [2]. The issue results from an error message that contains sensitive data, allowing information disclosure when the error is triggered [1].
Exploitation
To exploit this vulnerability, an attacker must first obtain the ability to execute high-privileged code on the target system [1][2]. The specific flaw requires local access and authentication as a high-privileged user (e.g., root) [1]. Once such access is achieved, the attacker can trigger the vulnerable code path in the KERedirect kext, causing the error message containing kernel pointers and debug information to be leaked to userland [1]. The CVSS vector (AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N) indicates low attack complexity and no user interaction is needed beyond initial high privileges [1].
Impact
Successful exploitation allows an attacker to disclose sensitive kernel pointers and debug messages, leading to information disclosure of critical system data [1][2]. The confidentiality impact is high, while integrity and availability are not affected [1]. This leaked information can be leveraged in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel [1]. The scope of the compromise extends beyond the vulnerable component, potentially affecting the entire system due to kernel-level information disclosure [1].
Mitigation
Trend Micro has released a fix via ActiveUpdate for Antivirus for Mac 2020 versions 10.0 and 10.5 [2]. Customers running version 10.0 or higher will automatically receive the patch through ActiveUpdate. For version 9.0 and below, the vendor recommends installing the latest version (2021 v11) [2]. The update was made available on October 22, 2020 [2]. Trend Micro has not received reports of active exploitation in the wild [2]. The vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog as of this writing.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: 2020 (v10.x) and below
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- helpcenter.trendmicro.com/en-us/article/TMKA-09975mitrex_refsource_MISC
- www.zerodayinitiative.com/advisories/ZDI-20-1286/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.