“April has been a heavy month for security updates, including emergency patches for Apple’s iOS and Google Chrome to correct vulnerabilities. Here is what to know about updating iOS, Android and Chrome now.”
Microsoft delivered significant updates as part of its mid-April Patch Tuesday, and Android users should make sure they install the most recent update as soon as it becomes available.
You may find all the April updates listed below.
Apple iOS and iPadOS 15.4.1, macOS 12.3.1
Apple released iOS and iPadOS 15.4.1 just two weeks after the release of iOS 15.4 to address an AppleAVD vulnerability that was being used to attack iPhones. According to Apple’s support page, attackers might use an app to execute arbitrary code with kernel privileges by exploiting the CVE-2022-22675 vulnerability. It’s crucial to apply the fix because failing to do so could grant an attacker complete control over your device.
Additionally, the power drain issue that appeared in iOS 15.4 and affected some iPhones is fixed in iOS and iPadOS 15.4.1. The updates are available for iPhone 6s and later, iPad Pro, iPad Air 2 and later, iPad 5th generation and later, subsequent iPad mini models, and iPod touch 7th generation.
Meanwhile, the same problem is fixed in macOS Monterey 12.3.1, along with a different vulnerability in the Intel graphics driver, CVE-2022-22674, which might let an app read kernel memory. Apple claims that the problem may have been exploited by criminals, so it’s another crucial fix.
Along with bug fixes, Apple also released tvOS 15.4.1 and watchOS 8.5.1.
Over the past year, Apple has released updates frequently, patching a number of critical flaws, including the zero-click vulnerability used by the highly targeted Pegasus spyware created by the Israeli company NSO Group. Security experts at Citizen Lab recently published a paper on this topic. They described how Pegasus and other related zero-click attacks targeted lawmakers, Members of the European Parliament, political activists, and civil society organizations.
A zero-click attack is particularly terrifying because, as its name suggests, it works without user intervention. An image sent over iMessage, for example, may infect your iPhone with malware.
Citizen Lab described HOMAGE, a previously unknown iOS zero-click vulnerability that was used by NSO Group. It is crucial that your iPhone be up to date, as some iOS versions earlier than iOS 13.2 may be at risk.
Android’s April 2022 Patches
Android users should also be on guard, since Google has patched 44 bugs in this month’s release of its mobile operating system. According to Google’s Android Security Bulletin, the most serious flaw, in the framework component, might allow local privilege escalation without any user involvement.
The upgrade has two components: the 2022-04-01 security patch level for the majority of Android devices and the 2022-04-05 security patch level for particular smartphones and tablets. The latter of the two fixes 30 bugs in various areas, including kernel and system components. Additionally, there are fixes for five security flaws that are unique to Google’s Pixel smartphones, one of which might let an app elevate its privileges and run code on specific Linux distributions.
You’ll need to check your device settings to find the update. So far, the Android April update has reached Google’s Pixel devices and a few third-party Android phones, such as the Samsung Galaxy A32 5G, A51, A52 5G, A53 5G, A71, S10 series, S20 series, Note20 series, Z Flip 5G, Z Flip3, Z Fold, Z Fold2, and the Z Fold3, as well as the OnePlus 9 and OnePlus 9 Pro.
Google Chrome Emergency Updates
It should come as no surprise that hackers are focusing on Google Chrome, the most popular browser in the world with over 3 billion users. Browser flaws are particularly concerning because attackers could chain browser-based attacks with other vulnerabilities to seize control of your device.
This month has been especially busy for the team behind Google’s Chrome browser, which shipped numerous security patches weeks apart. The most recent, released in the middle of April, addresses two problems, including a critical zero-day vulnerability (CVE-2022-1364) that is already being exploited by attackers.
Although the technical specifics are not yet available, the fact that the remedy came barely one day after the issue was discovered suggests that it is a fairly serious issue. You should now be using Chrome version 100.0.4896.127, which includes the fix. After the update is installed, you must restart Chrome to make sure it takes effect.
The Chrome problem also affects the other Chromium-based browsers, Brave, Microsoft Edge, Opera, and Vivaldi, so apply the patch if you use one of them.
That’s not all, though. Google released a new version of Chrome on April 27 that fixed 30 security flaws. According to the company, none of these have yet been exploited, although seven are considered to be high risk. The browser is now at version 101.0.4951.41 after the update.
Oracle’s April 2022 Critical Patch Update
Oracle’s quarterly Critical Patch Update, which contains a staggering 520 security updates, was issued in the middle of April. The update addresses a number of major problems, 300 of which can be exploited remotely without authentication, and 75 of which are security risks. Some of the Oracle patches fix the remote code execution (RCE) vulnerability (CVE-2022-22965, aka Spring4Shell) in the Spring Framework.
Microsoft’s Busy April Patch Tuesday
In April, Microsoft released patches for over 100 vulnerabilities, including 10 significant RCE problems. Attackers are already taking advantage of one of the most significant, CVE-2022-24521, according to the company.
The problem, in the Windows Common Log File System driver, was discovered by the NSA and researchers at CrowdStrike. It can be used to gain administrative rights on a logged-in system without the need for user interaction. Other significant fixes include those for CVE-2022-26904, a well publicized problem, and CVE-2022-26815, a critical DNS Server weakness.
Mozilla Thunderbird 91.8.0 Fix
On April 5, Mozilla released a patch to address security flaws in both its Firefox web browser and Thunderbird email client. There are few specifics, but Thunderbird 91.8 resolves four high impact vulnerabilities, some of which may be used to execute arbitrary code.
Firefox 99 and Firefox ESR 91.8 both address numerous security flaws.
Version 3.6.3 of the Elementor WordPress Plugin
A significant security update for the Elementor website builder plug-in for WordPress was released in April to address a severe vulnerability that may have allowed remote code execution and website takeover.
The vulnerability was discovered by researchers at Plugin Vulnerabilities and was introduced in version 3.6.0 of the plug-in, which was released on March 22. The researchers advise against using the plugin until all security concerns have been resolved and it has undergone a full security evaluation.
The vulnerability is nevertheless quite significant: although the attacker needs to be authenticated, anyone logged in to a vulnerable website can exploit it. The 5 million users of Elementor should update as soon as possible to version 3.6.3.
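The fixed versions named in the sections above can be checked against a device or software inventory. The following Python sketch is an added example, not part of the original article: it compares versions numerically, because a plain string comparison would wrongly rank Chrome 100.0.4896.88 above 100.0.4896.127. The hostnames, product keys and installed versions in the sample inventory are constructed, and the Android entry assumes the 2022-04-01 base patch level as the bar.

```python
# Minimum fixed versions, taken from the article text above.
MINIMUMS = {
    "ios": "15.4.1",
    "macos": "12.3.1",
    "chrome": "100.0.4896.127",
    "thunderbird": "91.8.0",
    "elementor": "3.6.3",
    # Assumption: base patch level; 2022-04-05 applies to particular devices.
    "android_patch_level": "2022-04-01",
}

def parse(version):
    """Split '100.0.4896.127' or '2022-04-01' into a tuple of ints."""
    parts = version.replace("-", ".").split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {version!r}")
    return tuple(int(p) for p in parts)

def is_patched(product, installed):
    """True if installed >= fixed version; short versions are zero-padded."""
    want, have = parse(MINIMUMS[product]), parse(installed)
    width = max(len(want), len(have))
    want += (0,) * (width - len(want))
    have += (0,) * (width - len(have))
    return have >= want

def audit(inventory):
    """Return (host, product, installed, required) for each entry to fix."""
    findings = []
    for host, product, installed in inventory:
        try:
            ok = is_patched(product, installed)
        except (KeyError, ValueError):
            ok = False  # unknown product or odd version string: review by hand
        if not ok:
            required = MINIMUMS.get(product, "unknown")
            findings.append((host, product, installed, required))
    return findings

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("laptop-01", "chrome", "100.0.4896.88"),
    ("laptop-02", "chrome", "101.0.4951.41"),
    ("phone-01", "ios", "15.4"),
    ("phone-02", "android_patch_level", "2022-03-05"),
    ("mail-01", "thunderbird", "91.8.0"),
    ("web-01", "elementor", "3.6.0"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print("OUTDATED: %s %s %s (needs >= %s)" % row)
```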
Frequently Asked Questions
1. On iOS, how do I update Chrome?
Update Chrome when a new version is available. On your iPhone or iPad, open the App Store. In the top right corner, select Profile. Scroll down to “Available Updates” and look for Chrome. If Chrome appears on the list, tap Update to install it. If asked, enter your Apple ID password. The update will download and install.
2. Has Google Chrome been hacked?
Google Chrome has been successfully hacked, according to Google, which also found 30 security weaknesses, seven of which are “serious” threats to users. Google announced in a blog post that a new version will strengthen security for Windows, Mac, and Linux in order to address the problems caused by the incident.
3. Chrome or Safari: Which is more secure?
Both Chrome and Safari are safe browsers; in fact, Safari makes use of Google’s Safe Browsing database. When it comes to security and privacy, they are essentially neck and neck, but if you worry about your online privacy, we recommend using a VPN.