Fix serious flaws by updating all of your computers.


September Updates of the iOS Operating System: What Have We Learned About Apple and What Don’t They Know About Them?

Updates have been released quickly in October, and patches from Apple, for example, can be found in Patch Tuesday. That’s in addition to updates that fix issues in Zoom, Cisco, VMware, and SAP products.

October saw the release of two iOS 16 versions following the launch of the iPhone maker’s updated operating system in September. The first release, which was iOS 16.0.3, contained several bugs and a security hole in Mail that allowed denial-of-service attacks.

Later in the month, Apple released iOS 16.0.1 to fix several bugs in the newly released iPhone 14, and iOS 16.0.2, which fixes several iOS 16 issues. While Apple says that it has important security updates, no entries have been published at this time.

Apple claims that there is a vulnerability in the Kernel that could allow an adversary to execute code.

There are also watchOS 9.0.1 and iPadOS 15.7, which are available for the Apple Watch Ultra.

Zero-Day Exploitation of Critical Vulnerabilities in Chrome and the Windows COM+ Event System Service: Patch Tuesday Updates

It’s been a busy month for Google Chrome updates, starting with an emergency fix to address a zero-day vulnerability already being used in attacks. The flaw was found at the end of August and an update was issued straight away by the company.

There is a vulnerability in the software that is related to inadequate data validation within the library known as “Mole”, but it’s not known what aspects of the vulnerability are related or how attackers can exploit it.

There are at least two critical vulnerabilities that could lead to privilege escalation and they are addressed in an additional update.

The release of iPadOS 16 was delayed because of the launch of the latest iPad models. The latest iOS versions come with a much longer list of security fixes and include an already exploited flaw.

Patch Tuesday is filled with fixes for a rather large list of flaws. There are 13 that are considered critical and one used in attacks. Tracked as CVE-2022-41033, the elevation of privilege vulnerability in Windows COM+ Event System Service impacts almost every version of Windows. The flaw is serious as it could be used to take over a machine.

The two actively exploited bugs were not patched in the Patch Tuesday updates. The flaws were reported to Microsoft by security vendor GTSC. Researchers say that Microsoft’s mitigations can be bypassed.