Trend Micro drops secure browser app following security fears

Trend Micro has made the decision to remove the Privacy Browser from its Dr Safety Android security suite after a reoccurring flaw was disc...

Trend Micro has made the decision to remove the Privacy Browser from its Dr Safety Android security suite after a reoccurring flaw was discovered in its software.

As reported by The Register, the vulnerability, which could be abused to trick users into believing that malicious web pages were legitimate, was first discovered by security consultant Dhiraj Mishra who responsibly reported it to the company back in April.

If exploited by an attacker, the bug could be used to alter the address bar on pages viewed in Trend Micro's Privacy Browser. For example, a phishing page designed to steal users' banking credentials could rewrite the URL bar to show the bank's real domain name as opposed to the URL used by the attackers.

Privacy Browser

Mishra explained that the flaw would be fairly easy to exploit and that an attacker would have plenty of targets to choose from given its install base of 10m people in an interview with The Register, saying:

"To exploit such flaws remotely, an attacker would host a malicious JavaScript packet and if a user visits a page hosting that malicious code, a new window or tab can be opened with a fake URL. There is no way of determining if the URL is authentic or not due to which this could result in capturing sensitive information such as username passwords. Additionally, along with address bar spoofing, attackers could also spoof SSL which makes the attack more difficult to determine the authenticity of the URL."

The vulnerability, tracked as CVE-2018-18334, has been confirmed by Trend Micro, though the company has decided to disable the browser outright instead of developing a patch for the flaw. Just by looking at the CVE assignment, you can see that the bug was first discovered in 2018 and the company has tried to deal with it in the past.

Back in January of last year, Trend Micro tried to patch the vulnerability but this year, Mishra was able to identify multiple address spoofing bugs of the same type that had not been fixed in the software. This explains why Trend Micro has now chosen to disable the Privacy Browser all together in its Dr Safety Android app.

  • Also check out our complete list of the best VPN services

Via The Register



from TechRadar - All the latest technology news https://ift.tt/3hi1eDL
via IFTTT

COMMENTS

BLOGGER
Name

Apps,3858,Business,151,Camera,1155,Earn $$$,3,Gadgets,1741,Games,926,GTA,1,Innovations,3,Mobile,1697,Paid Promotions,5,Promotions,5,Sports,1,Technology,8106,Trailers,796,Travel,37,Trending,4,Trendly News,25335,TrendlyNews,109,Video,5,XIAOMI,13,YouTube - 9to5Google,108,
ltr
item
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews: Trend Micro drops secure browser app following security fears
Trend Micro drops secure browser app following security fears
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews
http://www.trendlynews.in/2020/06/trend-micro-drops-secure-browser-app.html
http://www.trendlynews.in/
http://www.trendlynews.in/
http://www.trendlynews.in/2020/06/trend-micro-drops-secure-browser-app.html
true
3372890392287038985
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share. STEP 2: Click the link you shared to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy