Zero-days

Apple patches vulnerabilities in iOS 16, iOS 15.7, macOS Monterey 12.6, Big Sur 11.7 and other products

Apple has released security updates for Apple iOS 16, iOS 15.7, macOS Monterey 12.6, macOS Big Sur 11.7, Safari 15.6, and other products. Apple also warned two zero-day vulnerabilities may have been exploited in the wild.

Microsoft September 2022 Security Updates addresses 63 vulnerabilities (5 Critical, 1 zero-day, 1 Spectre-BHP)

The Microsoft September 2022 Security Updates includes patches and advisories for 63 vulnerabilities. Five of those are rated Critical severity, one that addresses a previously disclosed Spectre-BHP flaw, and a zero-day exploited in the wild.

CISA adds 12 vulnerabilities to Known Exploited Vulnerabilities Catalog

The Cybersecurity and Infrastructure Security Agency (CISA) has added 12 vulnerabilities to its Known Exploited Vulnerabilities Catalog, to include Apple, Chrome, Android OS, D-Link (5), QNAP NAS, MikroTik, Oracle WebLogic, FortiOS and FortiADC flaws.

Apple fixes 2 zero-days (CVE-2022-32894 and CVE-2022-32893) in iOS 15.6.1 and macOS Monterey 12.5.1 (update now!)

Apple has released security updates for Apple iOS 15.6.1, iPadOS 15.6.1, macOS Monterey 12.5.1, and Safari 15.6.1. The updates include fixes for two zero-day vulnerabilities (CVE-2022-32894 and CVE-2022-32893) under attack in the wild.

Google releases Chrome 104 security update with fixes for 11 vulnerabilities (1 zero-day CVE-2022-2856)

Google has released Chrome 104.0.5112.101 (Mac/Linux) and 104.0.5112.102/101 (Windows), with fixes for 11 vulnerabilities (one rated Critical and seven rated High severity). Additionally, one of the patches fixed a zero-day flaw CVE-2022-2856.

Microsoft August 2022 Security Updates addresses 121 vulnerabilities (17 Critical and 1 zero-day)

The Microsoft August 2022 Security Updates includes patches and advisories for 121 vulnerabilities, 17 of those rated Critical severity and one zero-day CVE-2022-34713 exploited in the wild.

Knotweed threat actors exploit Microsoft and Adobe 0-days and deliver Subzero malware

Knotweed threat actors have exploited Microsoft and Adobe 0-day vulnerabilities in targeted attacks against European and Central American customers. The actors also developed Subzero malware used in these attacks.