Updates were released in a frenzy in December as companies like Google and Apple scrambled to release patches in time for the holidays in order to address critical vulnerabilities in their devices.
Giants in enterprise software also released their fair share of fixes; in December, Atlassian and SAP fixed a number of serious bugs. What you should know about the significant updates you may have missed this month is provided here.
iOS for Apple
Apple launched iOS 17.2, a significant point update, in the middle of December. It included 12 security patches along with new features like the Journal app. CVE-2023-42890, a bug in the WebKit browser engine that could allow an attacker to execute code, is one of the issues patched in iOS 17.2.
According to Apple’s support page, there is another vulnerability in the iPhone’s kernel, identified as CVE-2023-4291, that might allow an app to escape its safe sandbox. In the meantime, code execution may result from two ImageIO vulnerabilities, CVE-2023-42898 and CVE-2023-42899.
According to tests conducted by ZDNET and 9to5Mac, the iOS 17.2 update also implemented a technique to stop a Bluetooth attack using a penetration testing tool called Flipper Zero. An iPhone may experience a barrage of pop-ups and eventually freeze up due to a bothersome denial of service cyberattack.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: