Adnan Farooqui reports:
It’s ironic when programs that are meant to protect you from attackers actually open up doors from them. One of Google’s information security engineers discovered a critical flaw in Trend Micro antivirus which would not only have allowed attackers to execute code remotely but would have even let them steal all of your passwords.
Trend Micro’s antivirus product features a password manager that lets users export their passwords to it. The manager has been written in JavaScript and it opens multiple HTTP remote procedure call ports to take care of API requests, explains Tavis Ormandy, the Google security engineer who found the flaws.
Read more on Ubergizmo.