Apple Just Patched 39 iPhone Security Bugs: It’s July A month of significant updates, including patches for vulnerabilities already exploited in Microsoft and Google products. This month also saw the first Apple iOS update Eight weeks Fixing dozens of security flaws in iPhones and iPads.
Security vulnerabilities continue to plague enterprise products, even with patches issued in July for SAP, Cisco and Oracle software. Here’s what you need to know about the vulnerabilities fixed in July.
Table of Contents
Apple iOS 15.6 Security Bugs
Apple released iOS and iPadOS 15.6 to fix 39 security flaws, including an issue in Apple’s file system (APFS) tracked as CVE-2022-32832. If exploited, the vulnerability could allow an app to execute code with kernel privileges, according to Apple Support pageIt provides deep access to your device.
Other iOS 15.6 patches address vulnerabilities in the kernel and WebKit browser engine, as well as flaws in IOMobileFrameBuffer, Audio, iCloud Photo Library, ImageIO, Apple Neural Engine, and GPU drivers.
Apple is not aware of any patched flaws being used in the attacks, but some of the vulnerabilities are more serious—especially those affecting the kernel at the heart of the operating system. It’s also possible to trap vulnerabilities in attacks, so make sure you update as soon as possible.
Google Chrome Security Bugs
Google Released An emergency patch for its Chrome browser in July fixed four issues, including an already exploited zero-day flaw. Tracked as CVE-2022-2294 And Avast Threat Intelligence researchers reported that the memory corruption vulnerability WebRTC Abused to achieve shellcode execution in Chrome’s renderer process.
The flaw was used in targeted attacks to distribute spyware against Avast users in the Middle East, including journalists in Lebanon. Devil’s tongue.
Microsoft’s Patch Tuesday Security Bugs
Microsoft’s July patch Tuesday was big, fixing 84 security issues incl A flaw that is already being used in the real world Attacks. vulnerability, CVE-2022-22047, is a local privilege escalation flaw in the Windows Client/Server Runtime Subsystem (CSRSS) server and client Windows platforms, including the latest Windows 11 and Windows Server 2022 releases. According to Microsoft, an attacker who successfully exploits the vulnerability could gain system privileges.
Of the 84 issues patched on Microsoft’s July Patch Tuesday, 52 were privilege escalation flaws, four were security feature bypass vulnerabilities, and 12 were remote code execution issues.
Microsoft security patches sometimes cause other problems, and the July update was no different: after the release, some users found that MS Access Runtime applications could not be opened. Thankfully, the company is releasing a Fix it.
Android July Security Bulletin Security Bugs
Google released the July Updates For its Android operating system, including a fix for a critical security vulnerability in a system component that could lead to remote code execution without requiring additional privileges.
Google also addressed serious issues in the kernel—which is information disclosure—and the framework, which could lead to an escalation of local privileges. Meanwhile, vendor-specific patches are available from MediaTek, Qualcomm, and Unisoc if your device uses those chips. Samsung devices started will receive July patch and google too Released Updates to its pixel range.
SAP Security Bugs
Software maker SAP has released 27 new and updated security notes as part of its July is Security Patch Day, addressing multiple high-severity vulnerabilities. Tracked as CVE-2022-35228The most serious problem was an information disclosure flaw in the central management console of the vendor’s Business Objects platform.
According to the security firm, the vulnerability allows an unauthenticated attacker to obtain token information over the network Onapsis. “Fortunately, an attack like this requires a legitimate user to access the app,” the firm adds. However, it is still important to patch as soon as possible.
Oracle Security Bugs
Oracle has Slipped Its July 2022 critical patch update contains 349 patches, including fixes for 230 remotely deployable bugs.
Oracle’s April patch update includes 520 Security solutionsSome of these include CVE-2022-22965, aka Spring 4 Shell, a remote code execution error in Spring Framework. Oracle’s July update continues to address this issue.