CVE-2020-27014 — Time-of-check Time-of-use (TOCTOU) Race Condition in Micro Antivirus FOR MAC

CWE-367 — Time-of-check Time-of-use (TOCTOU) Race Condition3 documents3 sources

Severity

6.4MEDIUMNVD

EPSS

0.1%

top 81.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trend Micro Antivirus FOR MAC Trendmicro Antivirus

Timeline

PublishedOct 30

Latest updateMay 24

Description

Trend Micro Antivirus for Mac 2020 (Consumer) contains a race condition vulnerability in the Web Threat Protection Blocklist component, that if exploited, could allow an attacker to case a kernel panic or crash.\n\n\r\nAn attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.5 | Impact: 5.9

Affected Packages2 packages

▶NVDtrendmicro/antivirus2020

▶CVEListV5trend_micro/trend_micro_antivirus_for_mac2020 (v10.x) and below

🔴Vulnerability Details

GHSA

GHSA-33p7-c5wh-6q6g: Trend Micro Antivirus for Mac 2020 (Consumer) contains a race condition vulnerability in the Web Threat Protection Blocklist component, that if exploi↗2022-05-24

▶

CVEList

CVE-2020-27014: Trend Micro Antivirus for Mac 2020 (Consumer) contains a race condition vulnerability in the Web Threat Protection Blocklist component, that if exploi↗2020-10-29

▶