Go to listing page

Zero-Day Bugs Bug the Biggies

Zero-Day Bugs Bug the Biggies
Zero-day vulnerabilities have been one of the grievous threats faced by tech giants. In the past few days, several attackers have been observed exploiting new zero-day vulnerabilities in commonly used commercial products.

A couple of flaws in Apple

Apple has released emergency fixes for two zero-day flaws in its iPhone, iPad, and Mac devices. 
  • The first flaw, tracked as CVE-2022-22675, is an out-of-bounds write vulnerability in AppleAVD, the audio/video decoding component.
  • The other flaw, recognized as CVE-2022-22674, is an out-of-bounds read issue in the Intel Graphics Driver module. Both these bugs are said to be exploited in the wild.
  • These bugs have been fixed in iOS and iPadOS version 15.4.1, macOS Monterey 12.3.1, tvOS 15.4.1, and watchOS 8.5.1.

Trend Micro Bugs 

Trend Micro fixed a high-severity vulnerability in its Apex Central, a centralized management console for Trend Micro products and services which was being exploited in targeted attacks.
  • The vulnerability, tracked as CVE-2022-26871, impacts the SaaS as well as the on-premises version of the centralized management console.
  • The vulnerability allowed an attacker to remotely upload an arbitrary file and execute code. The company confirmed at least one active attempt of exploitation in the wild.
  • Trend Micro had released the patches for the SaaS version in early March and now it has released Patch 3 (Build 6016) for on-premises installations.

Google Chrome

Google recently fixed a high-severity zero-day bug in the Google Chrome browser, which was being exploited in the wild. 
  • The bug tracked as CVE-2022-1096, is a type of confusion vulnerability in the Chrome V8 JavaScript engine. 
  • Google has fixed the bug in Chrome 99.0.4844.84 for Windows, Mac, and Linux.

Ending notes

Attackers are increasingly finding and abusing new zero-day vulnerabilities and challenging the security posture of organizations. To stay protected, experts recommend deploying multiple layers of security. Additionally, it is suggested to keep only essential applications installed and have a robust patch management system to patch them as soon as updates are available.
Cyware Publisher

Publisher

Cyware

Previous

The Mysterious Borat RAT is an All-In-One Threat

Malware and Vulnerabilities

Next

New Spyware Actively Targets Android Users

Malware and Vulnerabilities

RESOURCES
Cyber Fusion Center Guide
EVENTS
News and Updates, Hacker News

Get in touch with us now!

1-855-692-9927

Download Cyware Social App

Terms of Use Privacy Policy © 2023