In May, Apple, Google, and Microsoft released significant security patches to address multiple vulnerabilities that were already being exploited by attackers. Enterprise software providers GitLab, SAP, and Cisco also issued fixes for various bugs in their products. Here’s a summary of the security updates released in May:
Apple iOS and iPadOS 16.5: Apple released iOS and iPadOS 16.5, which addressed 39 vulnerabilities, including three that were already being actively exploited. The fixes included patches for vulnerabilities in the Kernel and WebKit, with the exploited flaws tracked as CVE-2023-32409, CVE-2023-28204, and CVE-2023-32373.
Microsoft: During its mid-month Patch Tuesday, Microsoft released updates that resolved 40 security issues. Two of these vulnerabilities were zero-day flaws that were already being used in attacks. The first vulnerability, CVE-2023-29336, was an elevation-of-privilege bug in the Win32k driver. The second flaw, CVE-2023-24932, was a Secure Boot security feature bypass issue.
Google Android: Google released its latest Android security patches, fixing 40 vulnerabilities, including a Kernel vulnerability that was already being exploited. The updates addressed issues in various components of the Android system and included fixes for a high-severity security vulnerability in the Framework component.
Google Chrome 113: Google released Chrome 113, which included 15 patches for the popular browser. The fixes addressed several issues, including inappropriate implementation bugs and use-after-free issues.
GitLab: The open-source DevOps platform GitLab released a security update (version 16.0.1) to fix a critical path traversal vulnerability (CVE-2023-2825) that could allow an unauthenticated user to read arbitrary files on the server.
Cisco: Cisco fixed multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches. These vulnerabilities could enable an unauthenticated remote attacker to cause a denial-of-service (DoS) condition or execute arbitrary code with root privileges.
SAP: SAP issued 25 new and updated security notes on its May 2023 Security Patch Day. One notable fix addressed a flaw (CVE-2021-44152) in Reprise RLM 14.2 that could allow an unauthenticated attacker to change the password of any existing user. Another fix addressed information disclosure vulnerabilities in the SAP BusinessObjects Intelligence Platform.
These updates and patches aimed to address critical security issues and protect users from ongoing attacks. It’s important for users to promptly install these updates to ensure the security of their systems and data.