Two Trend Micro zero-days exploited in the wild by hackers
Two zero-days have been discovered in Trend Micro antivirus products, according to the company, who issued a security alert earlier this week. After hackers were able to exploit the zero-days, Trend Micro released patches on Monday that address the two vulnerabilities as well as three similarly critical issues. However, the other three issues are not exploited in the wild according to the Japanese antivirus maker.
The zero-days impact the company’s Apex One and OfficeScan XG enterprise security products. It is unclear whether the two recently discovered zero-days are related to a previous zero-day exploited by Chinese state-sponsored hackers (CVE-2019-18187) in an attack on the Japanese electronics firm Mitsubishi Electric. The recent zero-days, CVE-2020-8467, and CVE-2020-8468 are classified as critical and high risk respectively.