Googler Discovers Jaw-Dropping Trend Micro Bug

January 12, 2016 - Written By Daniel Fuller

If you have any form or version of Trend Micro Antivirus, you will want to update it immediately. A ludicrously easy backdoor exploit was discovered by Googler Tavis Ormandy and, thankfully, has been patched by Trend Micro as of yesterday. This backdoor, through a relatively simple HTTP listener, could have allowed attackers to run arbitrary code of almost any sort on a host machine due to the listener’s link to localhost. Of course, it came through a mandatory side-install with the antivirus program in the form of a built-in password manager, not unlike another antivirus program that recently made waves by exposing customers to a massive vulnerability for the sake of a bit of value-added functionality.

With Tavis’ help, Trend Micro’s product team managed to isolate the bug, strike it down and issue a fix on an emergency basis. The saga lasted from January 5 until just yesterday, consisting of posts on Google code between Tavis and the Trend Micro team leading up to the eventual conclusion when the patch finally went out to all users. All the while, Tavis was practically livid with Trend Micro’s people over other related bugs ranging from some poorly written code that didn’t do a whole lot all the way to a grand exploit that would allow attackers to steal the entire contents of a customer’s password cache. Seemingly infuriated at some points in the process, Tavis even went as far as to write, “… wtf is this…You were just hiding the global objects and invoking a browser shell…? …and then calling it “Secure Browser”?!? The fact that you also run an old version with –disable-sandbox just adds insult to injury.” It’s fairly safe to say that somebody, if not multiple people, on Trend Micro’s team, received a stern talking-to after the issue was resolved.

The moral of the story here is, quite simply, trust nobody when it comes to personal security. This marks twice in the past month that serious exploits were discovered, of all places, in antivirus programs. Not that they’re the only source of modern security irony, of course. Not every instance of this happening will have a hero coder, let alone one from Google, sweeping in to save the day, so users should always be careful what software they trust, read reviews and be vigilant for any strange activity.