Pre-launch Update of the iOS Operating System and Implications for the Security of the Kernel as a Tool for Detecting Cyberattacks
Tech giants including Microsoft and Apple have issued security fixes in September. It is necessary to check your devices and update now because many flaws patched during the month have already been exploited by attackers.
October saw the release of two iOS 16 versions following the launch of the iPhone maker’s updated operating system in September. Several bugs and a security flaw in Mail were fixed in the first version of the app, but there were many other issues that needed fixing.
One flaw that is already being used in real-life attacks will be fixed by both updates, which is why it is important to apply both of them.
The already exploited vulnerability—tracked as CVE-2022-32917—is an issue in the Kernel that could allow an adversary to execute code, according to Apple’s support page.
iPadOS 15.7, tvOS 16, watchOS 9., and watchOS 9.0.1 are some of the latest operating systems released by Apple.
Searching for Security Vulnerabilities in Google Chrome, Chrome, and Pixel Earlier Updates: December Patch Tuesday Updates of Windows Smart Screen and Windows 7
Just days after the release of Chrome108, an emergency update arrived. Among the fixes are CVE-2022-4174—a type confusion flaw in V8—and several use-after-free bugs. None of these vulnerabilities have been exploited in attacks, according to Google. If the latest bug in Chrome is in the hands of attackers, then it’s a good idea to update it as soon as possible.
Google didn’t give much detail about the vulnerability, which is related to an insufficient data validation issue within the runtime libraries known as Mojo, because it wants as many people as possible to update before more attackers get hold of the details.
An additional update has also been released for Google’s Pixel devices addressing two critical vulnerabilities, CVE-2022-20231 and CVE-2022-20364, that could lead to privilege escalation by an attacker.
The iPadOS 16 was delayed due to the launch of the latest iPad models. There are longer list of security fixes in the latest versions.
Microsoft patched 49 security vulnerabilities, including a flaw used in attacks, on December Patch Tuesday. There is a Windows Smart Screen security feature that could potentially be susceptible to loss of integrity.
There was only one fix for the two actively exploited bugs in the Patch Tuesday update. The flaws were reported to Microsoft by security vendor GTSC. Researchers warn that Microsoft’s mitigations can be bypassed.
Security patches continue to arrive in December, despite the holiday season almost being over. Apple, Microsoft, and other big players in the technology world have released updates in the month.
Is iOS 16.2 Patched in a Viable State? Attacks and Impact of the Bugs on Mark of the Web Defenders
None of the issues patched in iOS 16.2 are known to have been used in attacks; however, many are pretty serious. The flaws, which are in both the kernels and the engine that powers WebKit, allow an attacker to execute code.
“An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging,” Microsoft said.