Hackers tried to exploit two zero-days in Trend Micro's Apex One EDR platform
Cyber-security firm Trend Micro said hackers tried to exploit two zero-day vulnerabilities in its Apex One EDR platform in an attempt to go after its customers in attacks that took place earlier this year.
While details about the attacks are currently being kept under wraps, patches for both issues were made available at the end of July.
Trend Micro said the two zero-days appear to have been used together in an exploit chain where the hackers uploaded malicious code on Apex One platforms and then elevated their access to gain control over the host system.
- CVE-2021-36741: Arbitrary File Upload Vulnerability
- CVE-2021-36742: Local Privilege Escalation Vulnerability
Trend Micro is now encouraging Apex One customers to update their systems to the latest versions. The security firm said the patches apply to both Apex One versions: the on-premise solution and the cloud-hosted (SaaS) solution.
The two vulnerabilities mark the fifth and sixth zero-days in Trend Micro products exploited throughout 2020 and 2021. Previous zero-days include:
- CVE-2019-18187 - disclosed in January 2020 and used by Chinese hackers to breach Mitsubishi Electric.
- CVE-2020-8467 and CVE-2020-8468 - disclosed in March 2020.
- CVE-2020-24557 - disclosed in April 2021.
Trend Micro did not previously share or disclose any details about how the zero-days were exploited, so there should be no expectation that the company would share further details about the recent ones.
Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.