May has been another busy month of security updates, with Google’s Chrome browser and Android operating system, Zoom, and Apple’s iOS releasing patches to fix critical vulnerabilities.
Meanwhile, things haven’t run smoothly for Microsoft, which was forced to issue an out-of-band update after a disastrous Patch Tuesday during the month. And Cisco, Nvidia, Zoom, and VMware all issued patches for urgent flaws.
Here’s what you need to know.
Apple iOS and iPadOS 15.5, macOS Big Sur 11.6.6, tvOS 15.5, watchOS 8.6
With Apple due to announce iOS 16 at its Worldwide Developers Conference in June, the iPhone maker released probably its last major iOS 15-point update in May. It came with new features, but iOS and iPadOS 15.5 also fixed 34 security vulnerabilities, some of which are critical.
Security issues fixed in iOS 15.5 include flaws in the Kernel, as well as in the WebKit browser engine, according to Apple’s support page. Fortunately, none of the issues patched in iOS and iPadOS 15.5 are being used in attacks, according to the company, but that doesn’t mean they won’t be if you don’t update now.
Meanwhile, users of macOS, tvOS, and the Apple Watch should update their devices ASAP, as Apple also issued an emergency update to patch an issue it believes is already being used in attacks. The flaw in Apple AVD, labeled CVE-2022-22675, could allow an app to execute code with Kernel privileges. Issues in the Kernel are as bad as it gets, so it’s worth checking and updating your devices right away.
Microsoft’s Flubbed May Patch Tuesday
Microsoft’s May Patch Tuesday was something of a disaster for the diligent businesses that installed it right away.
On May 10, the firm issued security updates to fix 75 vulnerabilities, eight labeled as critical and three that were being exploited by attackers. The issues fixed in May’s Patch Tuesday were important, but there were soon problems for some Microsoft users, who reported authentication failures after installing the latest updates. It affected people using the client and server Windows platforms and systems running all Windows versions, including Windows 11 and Windows Server 2022.
In a bid to fix the problem, the firm was forced to issue an out-of-band update for Windows 10, Windows 11, and Windows Server 2008, 2012, 2016, 2019, and 2022 on May 20. The update won’t install automatically; you need to download it from Microsoft’s update catalog.
Firefox 100.0.2
In early May, Mozilla released Firefox 100, including nine security fixes for its Firefox browser, of which seven were rated as high severity. But later in May, ethical hackers at the Pwn2Own competition in Vancouver were able to demonstrate how attackers could execute JavaScript code on devices running the latest Mozilla software. Mozilla fixed the issues in another update: Firefox 100.0.2, Firefox ESR 91.9.1, Firefox for Android 100.3, and Thunderbird 91.9.1. Click those update buttons.
Android
May’s Android security update is a big one, patching 36 vulnerabilities, including an issue already being exploited by attackers. This exploited flaw is a privilege escalation bug in the Linux Kernel known as “The Dirty Pipe.”
The flaw, which affects newer Android devices running Android 12 and later, was disclosed by Google in February, but it has taken a while to reach devices.