CVE-2022-27883

Name of the Vulnerable Software and Affected Versions Trend Micro Antivirus for Mac version 11.5

Description A link following issue in Trend Micro Antivirus for Mac could allow an attacker to create a specially-crafted file as a symlink, potentially leading to privilege escalation. The attacker must have at least low-level privileges on the system to attempt to exploit this issue. The vulnerability is related to errors in link processing in the libTmUtil dylib component, which could allow a remote attacker to elevate their privileges and execute arbitrary code.

Recommendations For Trend Micro Antivirus for Mac version 11.5, consider disabling the link following functionality as a temporary workaround until a patch is available. Restrict access to the libTmUtil dylib component to minimize the risk of exploitation. Avoid using the vulnerable component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.