iOS Security Flaws Fixed by Apple - Have You Updated?

September 01, 2022 By Saloni Behl

(Image Credit Google)

August was an exceptional month for security flaws fixed, with Apple, Google, and Microsoft all releasing Emergency fixes for exploited vulnerabilities. VMware, Cisco, IBM, and Zimbra also released numerous fixes this month. Apple iOS 15.6.1 iOS security flaws

An emergency Security update was released by Apple in August with iOS 15.6.1. There were two flaws fixed in the update that attackers were exploiting in the wild. WebKit and the Kernel vulnerabilities were being chained together in attacks, resulting in serious consequences. An adversary can gain control of your iPhone and access your sensitive files and banking information if an attack is successful. By combining the two flaws, device jailbreaks can be mounted without Apple's security restrictions. Using this technique, adversaries could "install background spyware and keep you under comprehensive surveillance," Ducklin explained. You should update your devices to iOS 15.6.1 immediately to ensure your safety. Additionally, Apple released iPadOS 15.6.1, watchOS 8.7.1, and macOS Monterey 12.5.1, all of which should be updated soon. Google Chrome chrome updates

Recently Google released a security update to fix the fifth zero-day flaw this year. However, the patches include the use-after-free flaw in the FedCM; tracked as CVE-2022-2852 and rated as critical as well as six highly rated issues and then three classed as having a mid-level impact. However, Google hasn’t provided any information about the exploited flaw but still, there is a possibility because attackers have gotten ahold of complete information. So, it is a better choice for you to update chrome as soon as possible. The most recent update comes in August, Google released chrome 104, fixing 27 vulnerabilities. Among all, seven of them were rated as having a high impact. Google Android Andriod update

There were dozens of fixes in the August Android security patch, including a flaw in the framework that could lead to local privilege escalation without additional privileges. The Android security patch was released late in August, but now it's available on many devices, including Google's Pixel range, Nokia's T20, and Samsung Galaxy devices. Also, it includes the Galaxy S series, Galaxy Note series, Galaxy Fold series, and Galaxy Flip series. Microsoft Microsoft update

The patches from Microsoft fixed over 100 security flaws, including 17 rated as critical. This patch addresses an already exploited vulnerability tracked as CVE-2022-34713, otherwise known as DogWalk. The remote code execution flaw in the Windows Support Diagnostic Tool can compromise a system if exploited. Over two years ago in January 2020, Microsoft was first made aware of the vulnerability that affected all Windows and Windows Server users, but at the time it was not considered a security threat. VMWare Vmware security flaws

In August, VMware patched several issues, including a critical authentication bypass bug called CVE-2022-31656. In addition, VMware Workspace ONE Access, Identity Manager, and Aria Automation were patched for an RCE vulnerability tracked as CVE-2022-31658. Meanwhile, a SQL injection RCE vulnerability found in VMware Workspace one access and identity manager also got a CVSS score of eight. cisco Cisco

The software maker issued Patches for a variety of flaws during August, including a bug that allowed an unauthenticated, remote attacker to retrieve an RSA private key from its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. There is a possibility of attack due to a logic error when the RSA key is saved in memory on a hardware platform that works as hardware-based cryptography said Cisco in an advisory. Although, the hacker or attacker could exploit this attack just by utilizing a Lenstra side-channel attack which is against the targeted device. However, a booming exploit might allow the attacker to retrieve the RSA private key if it is warned. IBM ibm security flaws

The gigantic software IBM has released the patches for a specific issue in the libcurl library that affects the IBM MQ. However, the first CVE-2022-27780 allows a remote attacker to bypass the security restrictions via a flaw that falsely accepts the parent-encoded URL separators like “/” by the URL parser. Moreover, an attacker makes use of the vulnerability just by sending a different crafted hostname in a URL, IBM said. Zimbra zimbra

Exploited flaws in the Zimbware Collaboration Suite have been considered a joint warning that the United sent out stated Cybersecurity and Infrastructure Security Agency and the multi-state information sharing and analysis center. Moreover, they introduce the patches for the five vulnerabilities which are rolled between may and late July of this year. CISA and MS-ISAC said that the organizations hadn’t updated the ZCS instances upon release to assume compromise and hunt for malicious activity.

By Saloni Behl

I always had a crush on technology that\'s why I love reviewing the latest tech for the readers.

iOS Security Flaws Fixed by Apple - Have You Updated?

Walmart's GenAI Search Engine: Challenging Google's Dominance in Retail Search

Introducing the MSI Claw Handheld: Your Ultimate Gaming Companion

Uber Increases In-App Ads, Prompting Mixed Reactions from Customers

Apple's iOS 18: A Leap into the AI Era

Google's Regular Pixel 8 Won't Get Gemini Nano AI

MacBook Air M3 Makes Amends for M2's Storage Blunder

Samsung Unveils the Galaxy M15 5G

Elon Musk's xAI to Open-Source Chatbot Grok

Contra: Operation Galuga - A Modern Run-and-Gun Classic

Musk Confirms X's TV App Arrives This Week

Apple's Siri Training Forward In AI Evolution

WhatsApp Rolls Out New Update: New Formatting Features Bring Order to the Chaos

WhatsApp Steps Up Privacy Game: Profile Pic Screenshots Get Blocked!

Google Chrome 122 Now Available: Here's What's New

OpenAI's Sora Stirs Debate on Ethics and Creativity

What is Windows 11 on ARM and How Does it Compare to Regular Windows?