In its Apex One endpoint security software, Trend Micro said on Tuesday that it had fixed a number of bugs, including a zero-day vulnerability. A rollback function-related erroneous validation problem has been identified as the exploited vulnerability, listed as CVE-2022-40139.
The agent can download unverified rollback components and run arbitrary code as a result of the security flaw, according a translation of a Japanese-language advisory issued by Trend Micro. Read More…