Apple’s IOS 16.4 Security Updates Are Effective Than Goose Emoji
Mandiant, a threat intelligence firm owned by Google, subsequently discovered that the flaw had been exploited for almost a year in attacks against businesses and important infrastructure.
The Google Android March security bulletin addresses more than 50 security flaws. The most serious is a critical vulnerability in a System component that could allow remote code execution without the need for additional execution privileges. According to Google, no user interaction is required for exploitation.
Google also fixed eight high-severity issues in the Framework that could result in privilege escalation without user interaction.
Meanwhile Google Project Zero researchers have discovered 18 zero-day vulnerabilities in Samsung Exynos Modems. The four most serious vulnerabilities CVE-2023-24033, CVE-2023-26496, CVE-2023-26497 and CVE-2023-26498 allow internet-to-baseband remote code execution, according to the researchers’ blog. “Project Zero tests have demonstrated that all four of the flaws enable an attacker to compromise a phone via the baseband with no user interaction, and require only that the attacker know the victim’s phone number.
The devices that are affected are the S22, M33, M13 A71, A53, A33, A21s, A13, A12, and A04 series, as well as Google’s Pixel 6 and Pixel 7 series.
See more: Tiktok banned in EU amidst data privacy concerns
Patch timelines will vary by manufacturer but affected Pixel devices have all four of the critical internet-to-baseband remote code execution vulnerabilities fixed. According to Google, customers with impacted devices can safeguard themselves by turning off Voice-over-LTE (VoLTE) and Wi-Fi calling in their device settings.
Google has released Chrome 111, a security update that addresses eight flaws, seven of which are memory safety bugs with a high severity rating. A high-severity flaw in Passwords is tracked as CVE-2023-1528, and an out-of-bounds memory access flaw in WebHID is tracked as CVE-2023-1529.
In the meantime, CVE-2023-1530 is a PDF used by the UK’s National Cyber Security Centre and CVE-2023-1531 is a high-severity use-after-free vulnerability in ANGLE.
Google has determined that none of the issues have been used in attacks, but given their significance it is prudent to update Chrome whenever possible.
See more: 14 Million Customers Affected in Latitude Financial Data Breach
With its IOS and IOS XE Software, Cisco has released the twice-yearly security bundle, which resolves ten vulnerabilities. Cisco fixed six issues with a high impact, including CVE-2023-20080, a denial of service flaw and CVE-2023-20065 a privilege escalation bug.
Cisco patched multiple vulnerabilities in the web-based management interface of some Cisco IP Phones at the beginning of the month, which could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service. CVE-2023-20078, a vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 series multiplatform phones has the lowest CVSS score of 9.8.
Author: Varsha Kumari
We hope you found article interesting. For more exclusive content follow us on Facebook, Twitter and LinkedIn
