Apple has recently fixed 37 iPhone security flaws
 |
| Apple has recently fixed 37 iPhone security flaws |
Important updates, such as patches for already-exploited vulnerabilities in Microsoft and Google products, have been released in July. The first Apple iOS update in eight weeks was released this month, patching many security holes in iPhones and iPads.
Enterprise goods continue to have security flaws, despite July's fixes for SAP, Cisco, and Oracle software. What you need to know about the July security flaws is provided below.
15.6 Apple iOS
To address 37 security weaknesses, including one in the Apple File System (APFS) identified as CVE-2022-32832, Apple has updated iOS and iPadOS to version 15.6. According to Apple's support page, if abused, the vulnerability might provide an app root access to your device and the ability to execute code with kernel privileges.
Other updates for iOS 15.6 address issues with IOMobileFrameBuffer, Audio, iCloud Photo Library, ImageIO, Apple Neural Engine, and GPU Drivers as well as vulnerabilities in the kernel and WebKit browser engine.
Although Apple isn't aware of any of the fixed vulnerabilities being utilized in attacks, several of them are really serious—especially those impacting the kernel, the system's core. Update as quickly as you can because vulnerabilities can also be used in attacks that are chained together.
The July Patch Tuesday from Microsoft is a significant one, addressing 84 security flaws, one of which is already being utilized in actual assaults. The Windows Client/Server Runtime Subsystem (CSRS) server and client platforms, including the most recent versions of Windows 11 and Windows Server 2022, are vulnerable to a local privilege escalation bug known as CVE-2022-22047. According to Microsoft, a hacker who was able to properly exploit the flaw may have taken control of the system.
The 84 bugs fixed in Microsoft's July Patch Tuesday were among the 52 privilege escalation flaws, 4 security feature bypass flaws, and 12 remote code execution flaws.
In July, Google issued a critical update for its Chrome browser that addressed four problems, including a zero-day vulnerability that had already been exploited. The memory corruption vulnerability in WebRTC, tracked as CVE-2022-2294 and identified by researchers at Avast Threat Intelligence, was exploited to execute shellcode in Chrome's renderer process.
The vulnerability was used to spread spyware known as DevilsTongue in targeted attacks against Avast users in the Middle East, including journalists in Lebanon.
Avast ties the usage of the Chrome zero-day to Candiru, an Israeli organization that sells spyware to governments, based on the malware and attack methods utilized.
Post a Comment