SECURITY BULLETIN: Trend Micro Password Manager 2019 (Android) FLAG_SECURE Misuse

  • Solution ID: 1124012
  • Last Updated: Nov. 21, 2019 4:36 AM (PST)
  • Applies to: Password Manager - 5.X

Release Date: November 25, 2019

CVE Vulnerability Identifier(s): CVE-2019-15629

Platform: Android 9.0 and above

CVSS 3.0 Score(s): 5.5

Severity Rating(s): Medium


SUMMARY

Trend Micro has released a new build of Password Manager for Android that resolves a FLAG_SECURE misuse vulnerability.


DETAILS

Affected Version(s)
PRODUCT | AFFECTED VERSION(S) | PLATFORM | LANGUAGE(S)
Password Manager | 5.1/5.0/3.x | Android | English

Solution

Trend Micro has released the following solutions to address the issue:

PRODUCT | UPDATED VERSION(S) | PLATFORM | LANGUAGE(S)
Password Manager | 2020 (Version 5.20.1021) | Android | English


* Version 5.20.1021 is now available on the Android Play Store.


Vulnerability Details

This update resolves the vulnerability found in Trend Micro Password Manager 2019 (Version 5.2) where a FLAG_SECURE misuse vulnerability could be exploited to allow the application to share information with third-party applications on the device.

Trend Micro has not received any reports of, and is not aware of, any actual attacks against the affected products related to these vulnerabilities at this time. However, as with any and all vulnerabilities, customers are highly encouraged to update to the latest build as soon as possible.


Acknowledgement

Trend Micro would like to thank the following individual for responsibly disclosing these issues and working with Trend Micro to help protect our customers:

  • Dhiraj Mishra (@RandomDhiraj) - Independent Security Researcher