Additionally: Microsoft fixed some 100 flaws, while Oracle provided more than 500 security fixes.
April has been a big month for security updates, including emergency patches for Apple’s iOS , Android and Chrome that fix vulnerabilities already exploited by attackers.
Microsoft released its mid-April key fixes on Tuesday, while Android users on multiple devices should make sure to apply the latest update when it becomes available. Then you’ll can experience the new updates of Apple iOS ,Android and Chrome.
Know about Apple iOS ,Android and Chrome.
Here are all the April updates you need to know about Apple iOS , Android and Chrome. Accordingly you’ll should update the iOS , Android and Chrome.
Apple iOS and iPadOS 15.4.1, macOS 12.3.1
Apple released iOS and iPad 15.4.1 to fix a damage in AppleAVD that has been used to attack iPhones. Using the vulnerability, adversaries can execute arbitrary code with kernel privileges through apps. This could give an attacker full control over your device, so it’s important to apply a fix.
iOS and iPadOS 15.4.1 are now available for download. The update fixes a battery drain issue affecting some iPhone users. It is available for iPhone 6s and later, iPad Pro, iPad Air 2 and later,. iPad 5th generation and iPad mini 4 and later.
Meanwhile, MacOS Monterey 12.3.1 fixes the same issue in MacOS, as well as another vulnerability in the Intel graphics driver CVE-2022-22674, which could allow an application to read kernel memory. This is another important fix—Apple says attackers may be exploiting this issue.
Apple released tvOS 15.4.1 and watchOS 8.5.1 including bug fixes.
The latest fixes address issues exploited by the Pegasus spyware, developed by Israeli firm NSO Group.
Recent report by security researchers at Citizen Labs
That’s the subject of a recent report by security researchers at Citizen Labs, which describes how Pegasus and other zero-click attacks have targeted,
- European parliamentarians
- legislators political activists
- civil society organizations
A zero-click attack is particularly scary because, as the name suggests, it requires no interaction to work. This means that a picture sent via iMessage can infect your iPhone with spyware.
Citizen Lab described a previously undisclosed iOS zero-click vulnerability called HOMAGE used by NSO Group. While some iOS versions prior to iOS 13.2 may be at risk, it’s critical to keep your iPhone up-to-date.
April 2022 Patches of Android
Android users need to be on alert, as Google has patched 44 flaws in its mobile operating system this month. According to Google’s Android Security Bulletin, the most severe issue in the framework component could allow local privilege escalation without any interaction from the user.
There are two parts to the update
- 2022-04-01 security patch level for most Android devices
- 2022-04-05 security patch level applies to specific phones and tablets.
The later of the two fixes 30 issues in system and kernel components, among other areas. There are also patches for five security issues specific to Google’s Pixel smartphones, one of which could allow an app to escalate privileges and execute code on certain versions of Linux.
You need to check your device settings to find the update. Devices that have received the Android April update so far include Google’s Pixel devices and some third-party Android phones including Samsung Galaxy A32 5G, A51, A52 5G, A53 5G, A71, S10 series, S20 series, Note20 series, Z Flip. 5G, Z Flip3, Z Fold, Z Fold2 and Z Fold3, as well as OnePlus 9 and OnePlus 9 Pro.
Google Chrome emergency updates
As the world’s largest browser with over 3 billion users, it’s no surprise that attackers have targeted Google Chrome. Browser-based attacks are particularly problematic because they can be combined with other weakness and used to take over your device
It’s been a busy month for the team behind Google’s Chrome browser, has seen multiple security updates within weeks of each other. The latest, released in mid-April, fixes two issues, attackers exploited including the high-severity zero-day vulnerability CVE-2022-1364.
The timing of the correction reported a day after and technical details are not currently available- suggest that it is more serious. If you use Chrome, your browser must now be on version 100.0.4896.127 to add the fix. After the update installed, you’ll need to restart Chrome to ensure it takes effect.
The Chrome issue also Effected
- Chromium-based browsers
- including Brave
- Microsoft Edge
- Opera
- Vivaldi
So if you use one of those, make sure to apply the patch.
But that’s not all. On April 27, Google announced another Chrome update, fixing 30 security vulnerabilities. None of these have been exploiting yet, the company said, but seven are rated high risk. The update brings the browser to version 101.0.4951.41.
Oracle’s April 2022 Critical Patch Update
In mid-April, Oracle released its quarterly critical patch update, which included 520 security fixes. Some of the issues fixed in the update were serious—they had 300 illegal use issues and 75 security issues rated critical severity. Some Oracle patches CVE-2022-22965, namely Spring4Shell, a remote code execution (RCE) flaw in the Spring framework.
Microsoft’s busy April Patch Tuesday
Microsoft had a big Patch Tuesday for April, providing fixes for more than 100 vulnerabilities, including 10 critical RCE flaws. One of the most critical, CVE-2022-24521, is already was exploited by attackers, the company said.
As reported by researchers from the NSA and CrowdStrike, the vulnerability in the Windows Common Log File System Driver does not require human interaction and can be used to gain administrative privileges on a logged-on computer. Other notable fixes include CVE-2022-26904—a publicly known issue—and CVE-2022-26815, a serious DNS server bug. server flaw.
Mozilla Thunderbird 91.8.0 Fix
April 5th, Mozilla released a patch to fix security issues in its Thunderbird email client as well as its Firefox browser. Details are scarce, but Thunderbird 91.8 fixes four vulnerabilities rated as high impact, some of which could be used to execute arbitrary code.
Firefox ESR 91.8 and Firefox 99 also fix multiple security issues.
WordPress plugin Elementor version 3.6.3
The Elementor website builder plug-in for WordPress received a major security fix in April for a critical-rated vulnerability that could allow attackers to execute remote code and effectively take over a website.
Discovered by Plugin Vulnerabilities researchers, the flaw introduced into the plugin in version 3.6.0, released on March 22. “We recommend not using this plugin until a full security review and all issues have been resolve,” the researchers said.
Attacker must be authenticate to exploit the issue,even more serious because anyone logged into an affected website can exploit it. An update to Elementor’s 5 million users, version 3.6.3, should be deployed as soon as possible.
Frequently Asked Questions
While iOS may be considered more secure, it’s not impossible for cybercriminals to attack iPhones or iPads with malware. Because of this, owners of both Android and iOS devices should be aware of potential malware and viruses and exercise caution when downloading apps from third-party app stores.
Sign in and turn on sync
1.On your iPhone or iPad, open the Chrome app. . If you don’t have the Google Chrome app yet, 2.download it from the App Store.
3.Tap More settings. Turn on sync.
4.Select the account you want to use.
5.Yes, knock me in
Apple has just announced that it has a serious security flaw that allows hackers to infiltrate their devices. Mac computers as well as iPhone and iPad devices are also vulnerable. If… Apple has just announced that it has a serious security flaw that could allow hackers to infiltrate their devices.
Google’s improved Safe Browsing is coming to iOS
First, stronger protection from both phishing and malware by bringing Google’s enhanced Safe Browsing functionality to iOS.
Related Posts
Here’s How to Reset Your Login Password on a Mac
