CVE-2021-25227
Description
Trend Micro Antivirus for Mac 2021 (Consumer) is vulnerable to a memory exhaustion vulnerability that could lead to disabling all the scanning functionality within the application. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability - i.e. the attacker must already have access to the target system (either legitimately or via another exploit).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Trend Micro Antivirus for Mac 2021 (Consumer) contains a memory exhaustion vulnerability in iCoreService that allows local attackers to cause a denial-of-service condition, disabling scanning functionality.
Vulnerability
The vulnerability resides in the iCoreService executable of Trend Micro Antivirus for Mac. The issue results from improper validation of user-supplied data, which can lead to a memory exhaustion condition. Affected versions include 2021 (v11), 2020 (v10.5), 2020 (v10.0), and 2019 (v9.0) [1][2].
Exploitation
An attacker must first obtain the ability to execute low-privileged code on the target system. User interaction is required, such as visiting a malicious page or opening a malicious file. The attacker then triggers the memory exhaustion condition via the iCoreService process [1].
Impact
Successful exploitation results in a denial-of-service condition that disables all scanning functionality within the application. No data confidentiality or integrity impact is expected [1][2].
Mitigation
Trend Micro has released hotfixes for all affected versions: 2021 (v11), 2020 (v10.5), 2020 (v10.0), and 2019 (v9.0). Users should apply the appropriate hotfix from the Trend Micro support site. No workarounds have been provided [2].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Trend Micro/Trend Micro Antivirus for Macv5Range: 2021 (v11)
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- helpcenter.trendmicro.com/en-us/article/TMKA-10191mitrex_refsource_MISC
- www.zerodayinitiative.com/advisories/ZDI-21-102/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.