The new year has kicked off with some hefty security updates released by the likes of Apple, Google, and Microsoft. January has been a busy time for enterprise patches too, with SAP, VMware, and Oracle among those issuing security fixes during the month.
Here’s everything you need to know about the security fixes released in January.
Apple iOS
Apple has released iOS 16.3 along with a new feature that lets you use security keys as an extra layer of protection for your Apple ID. Apple’s latest update also comes with 13 security fixes, including three in WebKit, the engine that powers the Safari browser, two of which could allow code execution.
Another three issues were patched in the iPhone Kernel at the heart of iOS. One of the vulnerabilities, tracked as CVE-2023-23504, is pretty serious. If exploited, it could result in an app being able to execute code with Kernel privileges.
Apple also released iOS 15.7.3 for users of older iPhones, fixing six security issues including the Kernel code execution bug patched in iOS 16.3. None of the issues fixed in iOS 15.7.3 or iOS 16.3 are believed to have been used in real-life attacks. However, Apple has released iOS 12.5.7 for older devices to patch an already exploited WebKit vulnerability, CVE-2022-42856. The iPhone maker fixed the same bug for smartphones using iOS 15 in December.
Apple’s January updates also include tvOS 16.3, Safari 16.3, macOS Big Sur 11.7.3, macOS Monterey 12.6.3, watchOS 9.3, and macOS Ventura 13.2.
Google Chrome
It was a busy start to the year for Google, which has fixed 17 vulnerabilities in its Chrome browser, two of which are rated as having a high impact. The first of the two issues, tracked as CVE-2023-0128, is a use-after-free bug in Overview Mode.
Meanwhile, CVE-2023-0129 is a heap buffer overflow issue in Network Service. Eight of the patched vulnerabilities are marked as having a medium impact, including CVE-2023-0130, an inappropriate implementation bug in Fullscreen, and CVE-2023-0137, a heap buffer overflow issue in Platform Apps.
Later in the month, Google patched six Chrome issues, including two rated as having a high impact. CVE-2023-0471 is a use-after-free bug in WebTransport and CVE-2023-0472 is a use-after-free bug in WebRTC.