If you use any of the products or services of these tech giants (Apple, Microsoft and Google), you should update your devices and applications as soon as possible. This is because they recently patched several critical vulnerabilities that could allow attackers to compromise your security and privacy.
What are zero-day defects?
Zero-day flaws are software bugs that developers or vendors are unaware of, but that hackers exploit before they can be fixed. They are called zero-day because there is no time to prepare a defense or a fix. These flaws can be used to steal data, install malware, spy on users or take over devices.
How did you find and fix them?
Apple, Microsoft and Google have dedicated teams of security researchers who are constantly looking for vulnerabilities in their own and other products. They also collaborate with outside researchers who report bugs through bug bounty programs. These programs reward ethical hackers for responsibly finding and disclosing security issues.
Apple fixed 15 zero-day flaws affecting iOS, macOS, watchOS and tvOS. Some of these flaws were reported by Google’s Project Zero team, which specializes in finding zero-day vulnerabilities. Microsoft fixed 40 zero-day flaws affecting Windows, Office, Edge and other products. Some of these flaws were reported by Kaspersky Lab, a cybersecurity firm. Google fixed 11 zero-day flaws affecting Chrome, Android and other products. Some of these flaws were reported by Microsoft’s Threat Intelligence Center, which tracks cyber threats.
What can you do to protect yourself?
The best way to protect yourself from zero-day attacks is to update your devices and applications regularly. You should also use antivirus, firewall and VPN software to enhance your security. You should also avoid clicking on suspicious links or attachments and use strong passwords and two-factor authentication for your online accounts.
Zero-day flaws are a serious threat to your security and privacy. But by following these simple steps, you can reduce the risk of falling victim to them.
Autumn has arrived, but the cyber threat landscape remains as hot as ever, with several high-profile vendors patching vulnerabilities that are being exploited in the wild.
Among the most critical updates were those from Cisco, which addressed a flaw with the highest possible severity rating of 10 on the CVSS scale.
Spyware has also been a major concern in recent months, as attackers can compromise devices without user interaction. This underscores the need to keep your operating system up to date at all times.
The following is a summary of the most important security updates released in September.
Apple iOS and iPad operating system
Apple skipped security updates in August, but made up for it in September. The first update was iOS 16.6.1, an urgent security fix that came out on September 9 to fix two vulnerabilities that were being exploited in so-called “zero-click” attacks.
The flaws were discovered by researchers at the University of Toronto’s Citizen Lab, who discovered that the spyware could be delivered via malicious image attachments in an iMessage, in an attack they dubbed BLASTPASS.
In mid-September, Apple released its major software update, iOS 17, followed by iOS 17.0.1 a few days later. The unexpected iOS 17.0.1 update was crucial because it fixed three other iPhone vulnerabilities used in spyware campaigns.
The issues, identified as CVE-2023-41992 and reported by security experts at Citizen Lab and Google, include a kernel bug that could allow an attacker to gain elevated privileges and two security and WebKit flaws that could chain together to take over a user’s device.
The vulnerabilities patched in iOS 17.0.1 were also fixed in iOS 16.7 for users of older iPhones or those who prefer not to upgrade to the latest software.
In late September, Apple released iOS 17.0.2 to fix some initial bugs in iOS 17, and this is the most recent version of the software, at the time of publication.