You Should Update Apple iOS and Google Chrome ASAP


It’s time to check your software updates. March has seen the release of important patches for Apple’s iOS, Google’s Chrome, and its privacy-focused competitor Firefox. Bugs have also been squashed by enterprise giants including Cisco, VMware, and SAP.

Here’s what you need to know about the security updates released in March.

Apple iOS

Apple made up for a quiet February by issuing two separate patches in March. At the beginning of the month, the iPhone maker released iOS 17.4, fixing more than 40 bugs, including two issues that had already been exploited in real-world attacks.

Tracked as CVE-2024-23225, the first flaw, in the iPhone Kernel, could allow an attacker to bypass memory protections. “Apple is aware of a report that this issue may have been exploited,” the iPhone maker said on its support page.

Tracked as CVE-2024-23296, the second bug, in RTKit, the real-time operating system used in devices including AirPods, could also allow an attacker to bypass Kernel memory protections.

Later in March, Apple released a second update, iOS 17.4.1, this time to fix two flaws in its iPhone software, both tracked as CVE-2024-1580. Using the vulnerabilities fixed in iOS 17.4.1, an attacker could inject code if they tricked someone into sharing a photo.

Soon after releasing iOS 17.4.1, Apple released patches for its other devices to fix the same bugs: Safari 17.4.1, macOS Sonoma 14.4.1 and macOS Ventura 13.6.6.

Google Chrome

March was another rough month for Google, which reported several bugs in its Chrome browser. In the middle of the month, Google released 12 patches, including a fix for CVE-2024-2625, an object lifecycle issue in V8 with a high severity rating.

Medium-severity vulnerabilities include CVE-2024-2626, an out-of-bounds read bug in Swiftshader; CVE-2024-2627, a use-after-free bug in Canvas; and CVE-2024-2628, an inappropriate implementation issue in Downloads.

At the end of the month, Google issued seven security updates, including a patch for a use-after-free bug in ANGLE tracked as CVE-2024-2883. Two other use-after-free bugs, tracked as CVE-2024-2885 and CVE-2024-2886, were assigned a high severity rating. Meanwhile, CVE-2024-2887 is a type confusion issue in WebAssembly.

The last two issues were exploited at the Pwn2Own 2024 hacking competition, so you should update your Chrome browser ASAP.

Mozilla Firefox

Mozilla’s Firefox had a busy March, after the company patched two zero-day vulnerabilities exploited at Pwn2Own. CVE-2024-29943 is an out-of-bounds access issue, while CVE-2024-29944 is an arbitrary JavaScript execution bug in Event Handlers that can lead to sandbox escape. Both issues are considered critical.

At the beginning of the month, Mozilla released Firefox 124 to address 12 security issues, including CVE-2024-2605, a sandbox-escape bug that affects Windows operating systems. An attacker could have used Windows Error Reporter to run arbitrary code, escaping the sandbox, Mozilla said.

CVE-2024-2615 covers memory safety issues fixed in Firefox 124. “[they] It could have been misused to exploit it,” Mozilla said.

Google Android

Google released its March Android Security Bulletin, fixing about 40 issues in its mobile operating system, including two critical bugs in its System component. CVE-2024-0039 is a remote code execution bug, while CVE-2024-23717 is a serious bug.

“The most significant of these issues is a significant security vulnerability in the System layer that could lead to remote code execution without the necessary additional access,” Google said in its advisory.


