Trend Micro Flaw Could Have Allowed Attacker To Steal All Passwords

itwbennett writes: Trend Micro has released an automatic update fixing the problems in its antivirus product that Google security engineer Tavis Ormandy discovered could allow "anyone on the internet [to] steal all of your passwords completely silently, as well as execute arbitrary code with zero user interaction." The password manager in Trend's antivirus product is written in JavaScript and opens up multiple HTTP remote procedure call ports to handle API requests, Ormandy wrote. Ormandy says it took him 30 seconds to find one that would accept remote code. He also found an API that allowed him to access passwords stored in the manager. This is just the latest in a string of serious vulnerabilities that have been found in antivirus products in the last seven months.

we're using something called 'APK' over here

[SethJohnson]

Two weeks ago, my boss had us all download and install a few files described as 'APK'. She assured me it would protect our desktop machines from any and all potential malware threats. So far, I can't say she's wrong.

The weird thing is that when I try to search for reviews of this product, everything that turns up in Bing seems to be written by people with mental disorders. I guess it's probably anti-astroturfing by commercial competitors.