SECURITY BULLETIN: Trend Micro Password Manager 2019 (Android) FLAG_SECURE Misuse
Release Date: November 25, 2019
CVE Vulnerability Identifier(s): CVE-2019-15629
Platform: Android 9.0 and above
CVSS 3.0 Score(s): 5.5
Severity Rating(s): Medium
Trend Micro had released a new build of Password Manager for Android that resolves a FLAG_SECURE Misuse vulnerability.
Trend Micro has released the following solutions to address the issue:
|Password Manager||2020 (Version 5.20.1021)||Android||English|
* Version 5.20.1021 is now available on the Android Play Store.
This update resolves the vulnerability found in Trend Micro Password Manager 2019 (Version 5.2) where a FLAG_MISUSE vulnerability could be exploited to allow the application to share information to third-party applications on the device.
Trend Micro has received no reports nor is aware of any actual attacks against the affected products related to these vulnerabilities at this time. However, as with any and all vulnerabilities, customers are highly encouraged to update to the latest build as soon as possible.
Trend Micro would like to thank the following individual for responsibly disclosing these issues and working with Trend Micro to help protect our customers::
- Dhiraj Mishra (@RandomDhiraj) - Independent Security Researcher