Apple and Microsoft recently released software updates to fix dozens of security holes in their operating systems.
Microsoft today patched at least 60 vulnerabilities in its Windows OS. Meanwhile, Apple's new macOS Sonoma addresses at least 68 security weaknesses, and its latest update for iOS fixes two zero-day flaws.
Last week, Apple pushed out an urgent software update to its flagship iOS platform, warning that exploits for at least two zero-day vulnerabilities were being used in the wild.
The security updates are available in iOS 17.4, iPadOS 17.4, and iOS 16.7.6.
Apple's macOS Sonoma 14.4 Security Update addresses dozens of security issues.
Jason Kikta, chief information security officer at Automox, said the vulnerabilities patched in this update often stem from memory safety issues, a concern that has led to a broader industry conversation about the adoption of memory-safe programming languages.
On Feb. 26, 2024, the Biden administration issued a report that calls for greater adoption of memory-safe programming languages.
On Mar. 4, 2024, Google published Secure by Design, which lays out the company's perspective on memory safety risks.
Mercifully, there do not appear to be any zero-day threats hounding Windows users this month.
Narang highlighted CVE-2024-21390 as a particularly interesting vulnerability in this month's Patch Tuesday release. It is an elevation of privilege flaw in Microsoft Authenticator, the software giant's app for multi-factor authentication.
Narang said a prerequisite for an attacker to exploit this flaw is to already have a presence on the device either through malware or a malicious application.
CVE-2024-21334 earned a CVSS score of 9.8, and it concerns a weakness in Open Management Infrastructure, a Linux-based cloud infrastructure in Microsoft Azure.
Microsoft says attackers could connect to OMI instances over the Internet without authentication, and then send specially crafted data packets to gain remote code execution on the host device.
CVE-2024-21435 is a CVSS 8.8 vulnerability in Windows OLE, which acts as a kind of backbone for a great deal of communication between applications that people use every day on Windows, said Kevin Breen, senior director of threat research at Immersive Labs.
A full list of the vulnerabilities addressed by Microsoft this month is available at the SANS Internet Storm Center, which breaks down the updates by severity and urgency.
Finally, Adobe today issued security updates that fix dozens of security holes in a wide range of products, including Adobe Experience Manager, Adobe Premiere Pro, ColdFusion 2023 and 2021, Adobe Bridge, Lightroom, and Adobe Animate.
Adobe said it is not aware of active exploitation against any of the flaws.
This Cyber News was published on krebsonsecurity.com. Publication date: Tue, 12 Mar 2024 20:45:11 +0000