Actively exploited Trend Micro Apex One zero-day addressed

Fixes have been issued by Trend Micro for an actively exploited critical remote code execution zero-day flaw affecting its Apex One endpoint protection solution, reports BleepingComputer. Trend Micro Apex One 2019, Trend Micro Apex One SaaS 2019, Worry-Free Business Security 10.0 SP1 or Virus Buster Business Security in Japan, and Worry-Free Business Security Services 10.0 SP1 or Virus Buster Business Security Services in Japan, are vulnerable to the security bug, tracked as CVE-2023-41179, which has been found within the security software's third-party uninstaller module. While the vulnerability has been detected to be leveraged in at least one attempted attack, Trend Micro noted that exploitation required prior theft and login of management console credentials. Organizations have been urged by Japan's Computer Emergency Response Team to immediately remediate the bug. "If the vulnerability is exploited, an attacker who can log in to the product's administration console may execute arbitrary code with the system privilege on the PC where the security agent is installed," said JPCERT.