September has seen tech giants including Microsoft, Google, and Apple issue updates to fix multiple serious security vulnerabilities. Many of the flaws patched during the month have already been exploited by attackers, making it important to check your devices and update now.
Here’s what you need to know about the patches released in September.
September is iPhone launch time, which also means the release of Apple’s updated operating system (OS) iOS 16. As expected, Apple released iOS 16 in early September, but it did so along with iOS 15.7 for iPhone users who want to wait before updating to the all-new OS.
Later in the month, Apple released iOS 16.0.1 to fix several bugs in the newly released iPhone 14, and iOS 16.0.2, which fixes several iOS 16 issues. While Apple says iOS 16.0.2 contains “important security updates,” no CVE entries have been published at the time of writing.
Apple has also released iPadOS 15.7, macOS Big Sur 11.7, macOS Monterey 12.6, tvOS 16, and watchOS 9, as well as watchOS 9.0.1 for the Apple Watch Ultra.
It’s been a busy month for Google Chrome updates, starting with an emergency fix to address a zero-day vulnerability already being used in attacks. Tracked as CVE-2022-3075, the flaw was deemed so serious that Google rushed out an update immediately after it was reported at the end of August.
Google didn’t give much detail about the vulnerability because it wants as many people as possible to update before more attackers get hold of the details. The flaw is related to an insufficient data validation issue within the runtime libraries known as Mojo.
In mid-September, Google released another fix, this time for 11 security vulnerabilities, including seven rated as high severity. Then, at the end of the month, Google issued Chrome 106, fixing 20 security flaws, five of which were rated as high severity. The most severe vulnerabilities include CVE-2022-3304, a use-after-free issue in CSS, and CVE-2022-3307, a use-after-free flaw in Media.
September’s Android Security Bulletin has detailed fixes for multiple issues ranging from high severity to critical. Issues patched in September include flaws in the kernel as well as the Android Framework and System components.
An additional update has also been released for Google’s Pixel devices addressing two critical vulnerabilities, CVE-2022-20231 and CVE-2022-20364, that could lead to privilege escalation by an attacker.