August has seen a flurry of patches released by technology giants like Microsoft, Google Chrome, and Firefox to fix serious vulnerabilities. These patches are crucial as some of the flaws are already being exploited in attacks. While there was no iPhone update from Apple, major fixes were released for enterprise software, including Ivanti, SAP, and Cisco. Microsoft's Patch Tuesday fixed numerous vulnerabilities, including ones being actively targeted. Google Chrome also issued updates, addressing high impact flaws in V8 and WebRTC. Firefox patched various vulnerabilities, some of which could lead to arbitrary code execution. Lastly, Google patched several critical vulnerabilities in its Android operating system, including RCE issues in System and Media Framework.
Apple has released emergency security updates to fix two new zero-day vulnerabilities that were exploited in attacks targeting iPhone and Mac users, bringing the total number of exploited zero-days patched this year to 13.
Apple devices are vulnerable to a zero-click, zero-day vulnerability that allows the delivery of Pegasus spyware, even on the latest iOS version, with the exploit being referred to as BLASTPASS by researchers at Citizen Lab who collaborated with Apple on addressing the issue.
Apple has released emergency security updates to fix three new zero-day vulnerabilities that were exploited to target iPhone and Mac users, bringing the total number of zero-days fixed this year to 16. The vulnerabilities allowed attackers to bypass signature validation, execute arbitrary code, and escalate privileges. The impacted devices include iPhone 8 and later, iPad mini 5th generation and later, Macs running macOS Monterey and newer, and Apple Watch Series 4 and later. The zero-days were discovered and reported by security researchers at Citizen Lab and Google's Threat Analysis Group.
Apple has released urgent security updates to patch vulnerabilities actively exploited, including flaws in WebKit, certificate validation, and kernel access, which were part of an exploit chain used to plant the Pegasus and Predator spyware.
Google has released an emergency patch for a zero-day vulnerability in Chrome that was exploited by a commercial spyware vendor, and the vulnerability has been linked to the zero-click iMessage exploit chain used to deploy the NSO Group's Pegasus spyware on compromised iPhones.
Microsoft has released patches to address zero-day vulnerabilities in open source libraries that affect its products, such as Skype and Edge browser, but the company has not confirmed if these vulnerabilities were exploited or if they were aware of any exploitation.
Apple has released an emergency patch to address a serious security flaw that may have already been exploited by attackers, marking the 16th documented zero-day exploit against Apple's iOS, iPadOS, and macOS-powered devices.
Apple has released security updates for older iPhones and iPads to address two zero-day vulnerabilities that were exploited in attacks, including privilege escalation and arbitrary code execution flaws.
A critical zero-day vulnerability in Cisco's IOS XE software, which allows attackers to gain control of affected systems, has been exploited in the wild, prompting Cisco to recommend disabling the affected feature on internet-facing systems.