Drop What You Are Doing and Update iOS, Android, and Windows



November saw the release of patches from the likes of Apple’s iOS, Google Chrome, Firefox, and Microsoft Windows to fix multiple security vulnerabilities. Some of these issues are pretty severe, and several have already been exploited by attackers.

Here’s what you need to know about all the important updates released in the past month.

Apple iOS and iPadOS 16.1.1

Apple has released iOS and iPadOS 16.1.1, which the iPhone maker recommends all users apply. The patch fixes two security vulnerabilities, and given the speed of the release, you can assume they’re pretty serious.

Tracked as CVE-2022-40303 and CVE-2022-40304, the two flaws in the libxml2 software library could allow an attacker to execute code remotely, according to Apple’s support page. The issues were both reported by security researchers working for Google’s Project Zero.

For Mac users, the flaws were addressed by macOS Ventura 13.0.1.

The good news is, it’s believed neither vulnerability has been exploited by attackers, but it’s still a good idea to apply the update as soon as possible.

Microsoft Windows

Microsoft’s November Patch Tuesday was another big release, seeing the Windows maker fix 68 vulnerabilities, four of which were zero days.

Tracked as CVE-2022-41073, the first is a Windows print spooler elevation of privilege vulnerability that could allow a cybercriminal to gain system privileges. Meanwhile, CVE-2022-41125 is a Windows Cryptographic Next Generation key isolation issue that could allow an adversary to escalate privileges and gain control of the system. CVE-2022-41128 is a Windows scripting language vulnerability that could result in remote code execution. Finally, CVE-2022-41091 is a vulnerability in Microsoft’s Mark of the Web security feature.

Google Android

More big updates for users of Google’s Android devices have arrived in November, with Google issuing patches for multiple vulnerabilities, some of which are serious. At the top of the list is a high-severity vulnerability in the Framework component that could lead to local escalation of privilege, Google said in a security advisory.

The patches in November include two Google Play system updates for issues impacting the Media Framework components (CVE-2022-2209) and WiFi (CVE-2022-20463). Google also fixed five issues affecting its Pixel devices.

The Android updates have started to roll out to Samsung devices, including third- and fourth-generation Galaxy foldables. You can check for the update in your Settings.

Google Chrome 

The world’s most popular browser continues to be a prime target for attackers, with Google this month fixing its eighth zero-day vulnerability this year.

The vulnerability, tracked as CVE-2022-4135, is a heap buffer overflow in GPU reported by Clement Lecigne, a researcher in Google’s own Threat Analysis Group. Google said it “is aware that an exploit for CVE-2022-4135 exists in the wild.”

Earlier in the month, Google issued an update to fix 10 Chrome vulnerabilities, six of which are rated as high-severity. These include four use-after-free bugs: CVE-2022-3885, CVE-2022-3886, CVE-2022-3887, and CVE-2022-3888. Meanwhile, CVE-2022-3889 is a “type confusion” issue in V8, and CVE-2022-3890 is a heap buffer overflow in Crashpad.

Mozilla Firefox

November was also a big month for Google Chrome competitor Firefox. Mozilla has issued Firefox 107, fixing 19 security vulnerabilities, eight of which are marked as having a high impact.

One of the most important patches is for CVE-2022-45404, a full-screen notification bypass that could allow an attacker to cause a window to go full-screen without the user seeing the notification prompt. This could result in spoofing attacks. Meanwhile, several use-after-free bugs could lead to an exploitable crash, and one flaw could be exploited to run arbitrary code.


VMware

Software maker VMware has released security fixes for multiple security vulnerabilities in its VMware Workspace ONE Assist, three of which have a CVSSv3 base score of 9.8. The first, CVE-2022-31685, is an authentication bypass vulnerability. “A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application,” VMware warned in an advisory.

A broken authentication method vulnerability tracked as CVE-2022-31686 could enable a malicious actor with network access to obtain admin access without the need to authenticate.
