Go Update iOS, Chrome, and HP Computers to Fix Serious Flaws

Advertisement

September has seen tech giants including Microsoft, Google, and Apple issue updates to fix multiple serious security vulnerabilities. Many of the flaws patched during the month have already been exploited by attackers, making it important to check your devices and update now.

Here’s what you need to know about the patches released in September.

Apple iOS

September is iPhone launch time, which also means the release of Apple’s updated operating system (OS) iOS 16. As expected, Apple released iOS 16 in early September, but it did so along with iOS 15.7 for iPhone users who want to wait before updating to the all-new OS.

Advertisement

If you decide not to go with iOS 16, it’s important you apply iOS 15.7 because both updates fix the same 11 flaws, one of which is already being used in real-life attacks.

The already exploited vulnerability—tracked as  CVE-2022-32917—is an issue in the Kernel that could allow an adversary to execute code, according to Apple’s support page.

Later in the month, Apple released iOS 16.0.1 to fix several bugs in the newly-released iPhone 14, and iOS 16.0.2, which fixes several iOS 16 issues. While Apple says iOS 16.0.2 contains “important security updates,” no CVE entries have been published at the time of writing.

Apple has also released iPadOS 15.7, macOS Big Sur 11.7, macOS Monterey 12.6, tvOS 16, and watchOS 9, as well as watchOS 9.0.1 for the Apple Watch Ultra.

Google Chrome

It’s been a busy month for Google Chrome updates, starting with an emergency fix to address a zero-day vulnerability already being used in attacks. Tracked as CVE-2022-3075, the flaw was deemed so serious that Google rushed out an update immediately after it was reported at the end of August.

Advertisement

Google didn’t give much detail about the vulnerability, which is related to an insufficient data validation issue within the runtime libraries known as Mojo, because it wants as many people as possible to update before more attackers get hold of the details.

In mid-September, Google released another fix, this time for 11 security vulnerabilities, including seven rated as high severity. Then, at the end of the month, Google issued Chrome 106, fixing 20 security flaws, five of which were rated as having a high severity. The most severe vulnerabilities include CVE-2022-3304, a use-after-free issue in CSS, and CVE-2022-3307, a use-after-free flaw in Media.

Google Android

September’s Android Security Bulletin has detailed fixes for multiple issues ranging from high severity to critical. Issues patched in September include flaws in the Kernel as well as the Android Framework and System components.

An additional update has also been released for Google’s Pixel devices addressing two critical vulnerabilities, CVE-2022-20231 and CVE-2022-20364, that could lead to privilege escalation by an attacker.

Advertisement