itwbennett writes: Trend Micro has released an automatic update fixing the problems in its antivirus product that Google security engineer Tavis Ormandy discovered could allow “anyone on the internet [to] steal all of your passwords completely silently, as well as execute arbitrary code with zero user interaction.” The password manager in Trend’s antivirus product is written in JavaScript and opens up multiple HTTP remote procedure call ports to handle API requests, Ormandy wrote. Ormandy says it took him 30 seconds to find one that would accept remote code. He also found an API that allowed him to access passwords stored in the manager. This is just the latest in a string of serious vulnerabilities that have been found in antivirus products in the last seven months. Read more of this story at Slashdot.
See the original article here:
Trend Micro Flaw Could Have Allowed Attacker To Steal All Passwords
