Views:

Bulletin Date: June 11, 2020

Platform: Android

CVSSv3 Scores: 2.6 (Low)

Summary

Trend Micro has released an updated version of Trend Micro Dr. Safety for Android that resolves an address bar eliding vulnerability.

Affected versions

Product Affected Versions Platform Language(s)
Dr. Safety for Android Versions below 3.0.1633 Android English

Solution

Product Updated Build Platform Language(s)
Dr. Safety for Android 3.0.1633 Android English


Trend Micro has addressed the potential security issue by removing the built-in browser functionality of the app starting with build 3.0.1633 available on Google Play.

Vulnerability Details

The updated version of Trend Micro Dr. Safety listed above has removed the built-in browser functionality of the app, which contained a address bar eliding vulnerability that could allow an attacker to cause the browser to display an incorrect URL. The built-in browser functionality may be re-added in a future version.

Trend Micro has received no reports nor is aware of any actual attacks against the affected product related to this vulnerability at this time.

Acknowledgement

Trend Micro would like to thank the following individual for responsibly disclosing the issue and working with Trend Micro to help protect our customers:

  • Dhiraj Mishra (@RandomDhiraj)
Add a comment