You need to update Google Android, Chrome, Windows, iOS and Zoom
May was another busy month for security updates, with Google's Chrome browser and Android operating system, Zoom, and Apple's iOS all releasing patches to fix serious vulnerabilities.
Meanwhile, things didn't go well for Microsoft, which was forced to release an out-of-band update after a disastrous Patch Tuesday during the month. And Cisco, Nvidia, Zoom, and VMware have all released fixes for pressing flaws.
Here’s what you need to know.
Apple iOS and iPadOS 15.5, macOS Big Sur 11.6.6, tvOS 15.5, watchOS 8.6
While Apple was expected to announce iOS 16 at its Worldwide Developers Conference in June, the iPhone maker likely released its last major iOS 15 point update in May. It came with new features, but iOS and iPadOS 15.5 also patched 34 security vulnerabilities, some of which are serious.
Security issues addressed in iOS 15.5 include flaws in the kernel, as well as the WebKit browser engine, according to Apple's support page. Fortunately, none of the issues fixed in iOS and iPadOS 15.5 are being used in attacks, according to the company, but that doesn't mean they won't be if you don't update now.
Meanwhile, macOS, tvOS and Apple Watch users should update their devices as soon as possible, as Apple has also released an emergency update to fix an issue it says is already being used in attacks. The flaw in Apple AVD, tagged CVE-2022-22675, could allow an application to execute code with kernel privileges. Problems in the kernel are as serious as it gets, so it's worth checking and updating your devices right away.
Microsoft Flubbed May Patch Tuesday
Microsoft’s May Patch Tuesday was something of a disaster for the diligent companies that installed it immediately.
On May 10, the company released security updates to fix 75 vulnerabilities, eight rated as serious and three exploited by attackers. The issues fixed in May's Patch Tuesday were significant, but problems soon emerged for some Microsoft users, who reported authentication failures after installing the latest updates. This has impacted people using client and server Windows platforms and systems running all versions of Windows, including Windows 11 and Windows Server 2022.
In a bid to fix the issue, the company was forced to release an out-of-band update for Windows 10, Windows 11, and Windows Server 2008, 2012, 2016, 2019, and 2022 on May 20. The update will not install automatically – you must download it from Microsoft’s Update Catalog.
Google Android
The May Android security update is significant, patching 36 vulnerabilities, including an issue already exploited by attackers. This exploited flaw is a privilege escalation bug in the Linux kernel known as "Dirty Pipe".
The flaw, which affects new Android devices running Android 12 and later, was disclosed by Google in February, but the fix took some time to reach devices.
Other Android security patches in May include 15 high-severity vulnerabilities and one critical-severity vulnerability in Qualcomm components, two denial-of-service flaws in the Android system, and three high-severity issues in MediaTek components.
Google Pixel and Samsung users, in particular, should look out for the May update, as additional vulnerabilities have been patched on those devices. The update has so far reached Android devices including the Samsung Galaxy S22, Galaxy S22+, and Galaxy S22 Ultra, as well as the Galaxy Tab S8 series, Galaxy Watch 4 series, and Galaxy S21 series.
Google Chrome
Another month, another major Google Chrome security update, this time for 32 issues, one rated as critical and eight rated as very serious. The critical issue, CVE-2022-1853, impacts IndexedDB functionality, while the top-rated flaws affect areas such as DevTools, UI foundations, and the user training function.
None of the flaws patched in Chrome 102 have been exploited, Google says. This contrasts with April, when the company released emergency updates to fix several vulnerabilities already exploited in its Chromium-based browser.