You should update iOS, Chrome, Windows and Android right away

May was a busy month for security updates: Chrome, Android, Zoom and Apple's iOS all received patches to fix serious vulnerabilities.

Meanwhile, it's been a turbulent time for Microsoft. The company was forced to distribute an out-of-band update. Cisco, Nvidia, Zoom and VMware have also made patches available to fix important flaws.

We've put together everything you need to know below.

Apple iOS and iPadOS 15.5, macOS Big Sur 11.6.6, tvOS 15.5, watchOS 8.6

In May, Apple, which is preparing to present iOS 16 at the Worldwide Developers Conference in June, released what is likely to be the last major update to iOS 15. In addition to new features, iOS and iPadOS 15.5 fix 34 security vulnerabilities, some of them serious.

Among the security problems fixed in iOS 15.5 are flaws in the kernel and in the WebKit browser rendering engine, as reported by Apple's support page. Fortunately, according to the company, none of the flaws fixed in iOS and iPadOS 15.5 have been exploited in attacks, but that doesn't mean it can't happen in the future if you don't update the operating systems right away.

Meanwhile, macOS, tvOS and Apple Watch users should also update their devices as soon as possible, as Apple has released an emergency update to correct an issue that it believes has already been used in attacks. The flaw in AppleAVD, tracked as CVE-2022-22675, could allow an app to execute code with kernel privileges. Given the severity of the problems in the kernel, it is worth checking and updating devices right away.

Microsoft's latest disastrous Patch Tuesday

Microsoft releases its security updates on the second Tuesday of every month. But in May, the company's Patch Tuesday proved a disaster for companies that installed the new updates right away.

Microsoft released security updates on May 10 to address 75 vulnerabilities, eight of which were rated serious and three others already exploited by attackers. Despite the scale of the issues at the heart of Patch Tuesday, problems quickly occurred for some Microsoft users, who reported authentication failures after installing the latest updates. The problem affected those who used the Windows client and server platforms and systems with all versions of Windows, including Windows 11 and Windows Server 2022.

In an attempt to solve the problem, the company was forced on May 20 to release an out-of-band update for Windows 10, Windows 11 and Windows Server 2008, 2012, 2016, 2019 and 2022. The update does not install automatically - you need to download it from Microsoft's update catalog.

Firefox 100.0.2

In early May Mozilla released Firefox 100, which includes nine security fixes for its browser, seven of which have been rated as very serious. A few days later, however, the hackers who participated in the Pwn2Own competition in Vancouver were able to demonstrate how attackers could execute JavaScript code on devices running the latest Mozilla software. Mozilla has fixed the problems in another update.

Android

The latest Android security update is particularly important, as it fixes 36 vulnerabilities, including an issue already exploited by attackers. The flaw used is a privilege escalation bug in the Linux kernel known as "Dirty Pipe".

The flaw, affecting newer Android devices running Android 12 and later, was made public by Google in February, but the fix took some time to reach devices.

May's other security fixes for Android include 15 high-severity and one critical-severity vulnerabilities in Qualcomm components, two denial-of-service flaws in the Android system and three high-severity issues in MediaTek components.

Users of Google Pixel and Samsung devices in particular should pay attention to the May update, as more vulnerabilities have been fixed on these devices. The update has reached Android devices, including the Samsung Galaxy S22, Galaxy S22+ and Galaxy S22 Ultra, as well as the Galaxy Tab S8 series, the Galaxy Watch 4 series and the Galaxy S21 series.

Chrome 102

Google's browser Chrome also underwent a major security update in May, this time for 32 issues, including one classified as critical and eight considered to be of high severity. The critical issue, CVE-2022-1853, relates to the IndexedDB feature, while high-severity flaws affect areas such as DevTools and UI foundations.

According to Google, none of the flaws fixed with Chrome 102 have been exploited, unlike in April, when the company released some emergency updates to fix several already exploited vulnerabilities in its Chromium-based browser.

In early May, Google released 13 fixes for Chrome v101.0.4951.61 on Android, eight of which are classified as high impact.

Cisco

Cisco has resolved several vulnerabilities in the Cisco Enterprise NFV Infrastructure Software that could allow an attacker to escape from the guest virtual machine to the host machine, inject commands that run at the root level, or leak system data from the host to the virtual machine.

It goes without saying that these problems, tracked as CVE-2022-20777, CVE-2022-20779 and CVE-2022-20780, are serious, so it is good to update the system as soon as possible.

Nvidia

In mid-May the chip manufacturer Nvidia released a security update for its Nvidia GPU display driver to correct defects that could lead to denial of service, information disclosure or data tampering. The list of ten vulnerabilities includes kernel-related issues on Windows and Linux devices. The updates are available in the downloads section of the Nvidia website.

Zoom

Zoom, the popular video conferencing application, has released version 5.10.0 to correct an issue detected by Google's Project Zero security researchers in February. The flaw in the XMPP messaging protocol requires no user interaction to perform the attack: "User interaction is not necessary for the attack to succeed. The only thing an attacker needs is the ability to send messages to the victim through Zoom's chat on the XMPP protocol", explains security researcher Ivan Fratric, who explains how a cybercriminal can force the victim's client to connect to a malicious server, then execute code.

VMware

The cloud provider VMware has released patches to address several issues, including a privilege escalation vulnerability (CVE-2022-22973) and an authentication bypass flaw (CVE-2022-22972), which would allow an attacker to access a system without having to authenticate. This latest patch should be applied immediately as "the ramifications are severe".

This article originally appeared on UK.
