Skip to content

[GHSA-rjc8-fqvx-g34c] A time-of-check time-of-use vulnerability in the Trend...#7777

Closed
Vendetaaaa wants to merge 1 commit into
Vendetaaaa/advisory-improvement-7777from
Vendetaaaa-GHSA-rjc8-fqvx-g34c
Closed

[GHSA-rjc8-fqvx-g34c] A time-of-check time-of-use vulnerability in the Trend...#7777
Vendetaaaa wants to merge 1 commit into
Vendetaaaa/advisory-improvement-7777from
Vendetaaaa-GHSA-rjc8-fqvx-g34c

Conversation

@Vendetaaaa

Copy link
Copy Markdown

Updates

  • Affected products
  • CVSS v3
  • Description
  • Summary

Comments
Enriched the vulnerability profile by identifying the platform (macOS) and the core service module ('iCore'), specified the exact implementation breakdown (local privilege escalation to root via signature verification hijacking), populated the correct CVSS score details from the ZDI advisory matrix, and applied the official CWE-367 TOCTOU vulnerability designation.

@github-actions github-actions Bot changed the base branch from main to Vendetaaaa/advisory-improvement-7777 May 21, 2026 16:52
@JonathanLEvans

Copy link
Copy Markdown

Hi @Vendetaaaa,

Could you provide me the link where you found the package on npm?

@shelbyc

shelbyc commented Jun 18, 2026

Copy link
Copy Markdown
Contributor

👋 Hi @Vendetaaaa, I'm closing this PR because Trend Micro Apex One isn't in any of the GitHub Advisory Database's supported ecosystems, so we can't review the advisory. Thanks for your interest in GHSA-rjc8-fqvx-g34c!

@shelbyc shelbyc closed this Jun 18, 2026
@github-actions github-actions Bot deleted the Vendetaaaa-GHSA-rjc8-fqvx-g34c branch June 18, 2026 18:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants