| Developers: | Trend Micro |
| Branches: | Information security |
| Technology: | Information Security - Antiviruses |
Main article: Antiviruses
2025: Fix for a vulnerability that allows an attacker to elevate privileges on a macOS device
PT SWARM expert Yegor Filatov helped eliminate a dangerous vulnerability in antivirus software from the Japanese vendor Trend Micro. This was announced on October 22, 2025. Due to the security defect, users of Apple computers were at risk, including those who had already removed the antivirus program from their computer. In the event of an attack, the attacker could compromise them. If the intrusion involved a corporate device, the attacker would have the opportunity to disrupt the organization's business processes.
The vulnerability PT-2025-42831 [1] (CVE-2025-59931, BDU:2025-04878) is rated 7 out of 10 on the CVSS 4.0 scale, which corresponds to a high level of threat. The security flaw affected Trend Micro Antivirus version 11.8.1283. The error could allow an attacker to elevate privileges on a device running macOS and freely perform any operations on the user's computer.
The manufacturer was notified of the threat under a responsible disclosure policy and released security updates. To fix the vulnerability, update the program to version 11.8.1400 or 11.9.36. If you cannot download the update, the Positive Technologies expert recommends finding the program's executable file that runs in the background in the /Library/LaunchDaemons/ folder and moving it to the /Library/PrivilegedHelperTools/ folder. If the vulnerable software was removed from the computer earlier, you must also delete the startup file of this program.
| "Trend Micro Antivirus creates a special component on the user's computer that acts with elevated privileges, allowing the program to scan system files and block malware. After removing the vulnerable version of the antivirus, the component remained in a folder accessible to any user," explained Yegor Filatov, junior specialist in the mobile application security research group, Positive Technologies. "To exploit the error, it would be enough for an attacker to penetrate the system, for example, using malware disguised as regular software. Then, with the help of the component remaining after the antivirus, an attacker could elevate privileges to the superuser level." |
Having obtained elevated privileges, the attacker would hypothetically be able to control all actions on the victim's computer and read and edit valuable information. Superuser rights could allow the attacker to steal passwords and other confidential data, as well as launch ransomware or gain persistent access to the device. If the computer were on a corporate network, the attacker could gain a foothold in it in order to steal data containing trade secrets or disrupt the organization's business processes.
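A defender-side check for the condition described above, as an added example that is not code from Trend Micro or Positive Technologies: it lists launchd jobs in /Library/LaunchDaemons whose program is missing (a leftover startup file) or sits where unprivileged users can write. It generalizes beyond this one product and assumes the startup file is a standard launchd property list with `Program` or `ProgramArguments` keys; the function names and the `trusted_uid` parameter are introduced here for illustration.

```python
import os
import plistlib
import stat
from pathlib import Path

def job_program(plist_path):
    """Executable a launchd job starts: Program, else ProgramArguments[0]."""
    with open(plist_path, "rb") as fh:
        job = plistlib.load(fh)
    return job.get("Program") or (job.get("ProgramArguments") or [None])[0]

def unsafe(path, trusted_uid):
    """True if path is not owned by trusted_uid or is group/world-writable."""
    st = os.stat(path)
    return st.st_uid != trusted_uid or bool(st.st_mode & (stat.S_IWGRP | stat.S_IWOTH))

def audit_launch_daemons(daemon_dir="/Library/LaunchDaemons", trusted_uid=0):
    """Return (plist name, program, problems) for each risky job definition."""
    findings = []
    for plist in sorted(Path(daemon_dir).glob("*.plist")):
        try:
            program = job_program(plist)
        except Exception:
            findings.append((plist.name, None, ["unreadable plist"]))
            continue
        if not program:
            continue
        target = Path(program)
        problems = []
        if target.exists():
            to_check = [target, target.parent]
        else:
            # Leftover startup file: launchd will run whatever appears at this path,
            # so the nearest existing parent directory decides who can place it.
            problems.append("program missing")
            to_check = [p for p in target.parents if p.exists()][:1]
        problems += [f"{p} is writable by unprivileged users or not owned by uid {trusted_uid}"
                     for p in to_check if unsafe(p, trusted_uid)]
        if problems:
            findings.append((plist.name, program, problems))
    return findings

if __name__ == "__main__":
    for name, program, problems in audit_launch_daemons():
        print(f"{name}: {program}: {'; '.join(problems)}")
```

Run it with enough privileges to read every job definition; a "program missing" finding corresponds to the leftover startup file that the recommendation above says to delete.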
