Hackers tried to exploit two zero-days in Trend Micro’s Apex One EDR platform
Catalin Cimpanu August 12, 2021

Cyber-security firm Trend Micro said hackers tried to exploit two zero-day vulnerabilities in its Apex One EDR platform in an attempt to go after its customers in attacks that took place earlier this year.

While details about the attacks are currently being kept under wraps, patches for both issues were made available at the end of July.

Trend Micro said the two zero-days appear to have been used together in an exploit chain where the hackers uploaded malicious code on Apex One platforms and then elevated their access to gain control over the host system.

  • CVE-2021-36741: Arbitrary File Upload Vulnerability
  • CVE-2021-36742: Local Privilege Escalation Vulnerability

Trend Micro is now encouraging Apex One customers to update their systems to the latest versions. The security firm said the patches impact both Apex One versions: the on-premise solution and the cloud-hosted (SaaS) one.

The two vulnerabilities mark the fifth and sixth zero-days in Trend Micro products exploited throughout 2020 and 2021. Previous zero-days include:

Trend Micro did not previously share or disclose any details about how the zero-days were exploited, so there should be no expectation that the company would share further details about the recent ones.

Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.