Apple, Microsoft and Google just fixed multiple zero-day bugs
If you use any of the products or services of these technology giants (Apple, Microsoft and Google), you should update your devices and applications as soon as possible. This is because they recently patched several critical vulnerabilities that could allow attackers to compromise your security and privacy.
What are zero-day defects?
Zero-day flaws are software errors that developers or vendors are unaware of, but that hackers exploit before they can be fixed. They are called zero-day because there is no time to prepare a defense or solution. These flaws can be used to steal data, install malware, spy on users, or take over devices.
How did they find them and fix them?
Apple, Microsoft, and Google all have dedicated teams of security researchers who constantly look for vulnerabilities in their own and other products. They also collaborate with external researchers who report bugs through bug bounty programs. These programs reward ethical hackers for responsibly finding and disclosing security issues.
Apple fixed 15 zero-day bugs affecting iOS, macOS, watchOS, and tvOS. Some of these flaws were reported by Google's Project Zero team, which specializes in finding zero-day vulnerabilities. Microsoft fixed 40 zero-day flaws affecting Windows, Office, Edge and other products. Some of these flaws were reported by Kaspersky Lab, a cybersecurity company. Google fixed 11 zero-day bugs affecting Chrome, Android, and other products. Some of these flaws were reported by Microsoft's Threat Intelligence Center, which tracks cyber threats.
What can you do to protect yourself?
The best way to protect yourself from zero-day attacks is to update your devices and apps regularly. You should also use antivirus, firewall, and VPN software to improve your security, avoid clicking on suspicious links or attachments, and use strong passwords and two-factor authentication for your online accounts.
Zero-day flaws are a serious threat to your security and privacy. But by following these simple steps, you can reduce the risk of falling victim to them.
Fall has arrived, but the cyber threat landscape remains as hot as ever, with several high-profile vendors patching vulnerabilities that are being exploited in the wild.
Among the most critical updates were those from Cisco, which addressed a flaw with the highest possible severity rating of 10 on the CVSS scale.
Spyware has also been a major concern in recent months, as attackers can compromise devices without user interaction. This underlines the need to keep your operating system up to date at all times.
Below is a summary of the most important security updates released in September.
Apple iOS and iPadOS
Apple skipped security updates in August, but made up for them in September. The first update was iOS 16.6.1, an urgent security fix that came out on September 9 to fix two vulnerabilities that were being exploited in so-called “zero-click” attacks.
The flaws were discovered by researchers at the University of Toronto's Citizen Lab, who found that spyware could be delivered via malicious image attachments in an iMessage, in an attack they dubbed BLASTPASS.
In mid-September, Apple released its major software update, iOS 17, followed by iOS 17.0.1 a few days later. The unexpected iOS 17.0.1 update was crucial because it fixed three other iPhone vulnerabilities that were used in spyware campaigns.
The issues, identified as CVE-2023-41992 and reported by security experts at Citizen Lab and Google, include a kernel bug that could allow an attacker to gain elevated privileges and two security and WebKit flaws that could be chained together to take over a user's device.
Vulnerabilities patched in iOS 17.0.1 have also been fixed in iOS 16.7 for users of older iPhones or those who prefer not to upgrade to the latest software.
In late September, Apple released iOS 17.0.2 to fix some early bugs in iOS 17, and this is the most recent version of the software, at the time of publication.