The Android safety patch is obtainable to Google’s Pixel units, which have their very own specific updates, and Samsung’s Galaxy vary, together with Samsung Galaxy Be aware 10, Galaxy S21, and Galaxy A73. You possibly can test for the replace in your settings.
Microsoft Patch Tuesday
Microsoft fastened a slightly hefty 98 safety points in its first Patch Tuesday of the 12 months, together with an already exploited vulnerability: CVE-2023-21674 is an elevation of privilege flaw impacting the Home windows Superior Native Process Name that might result in browser sandbox escape.
By exploiting the bug, an adversary might acquire System privileges, Microsoft wrote, confirming that the flaw has been detected in real-life assaults.
One other elevation of privilege vulnerability within the Home windows Credential Supervisor Consumer Interface, CVE-2023-21726, is comparatively straightforward to take advantage of and doesn’t require any interplay from the consumer.
January’s Patch Tuesday additionally noticed Microsoft repair 9 Home windows Kernel vulnerabilities, eight of that are elevation of privilege points and one info disclosure vulnerability.
Mozilla Firefox
Software program agency Mozilla has launched vital updates for its Firefox browser, essentially the most severe of which have been the topic of a warning by the US Cybersecurity and Infrastructure Safety Company (CISA).
Among the many 11 flaws fastened in Firefox 109 are 4 rated as having a excessive influence, together with CVE-2023-23597, a logic bug in course of allocation that might permit adversaries to learn arbitrary information. In the meantime, Mozilla said its safety workforce discovered reminiscence security bugs in Firefox 108. “A few of these bugs confirmed proof of reminiscence corruption and we presume that with sufficient effort, some might have been exploited to run arbitrary code,” it wrote.
An attacker might exploit a few of these vulnerabilities to take management of an affected system, CISA stated in its advisory. “CISA encourages customers and directors to evaluate Mozilla’s safety advisories for Firefox ESR 102.7 and Firefox 109 for extra info and apply the required updates.”
VMWare
Enterprise software program maker VMWare has revealed a safety advisory detailing 4 flaws affecting its VMware vRealize Log Perception product. Tracked as CVE-2022-31706, the primary is a listing traversal vulnerability with a CVSSv3 base rating of 9.8. By exploiting the flaw, an unauthenticated, malicious actor might inject information into the working system of an impacted equipment, leading to RCE, VMWare says.
In the meantime, a damaged entry management RCE vulnerability tracked as CVE-2022-31704 additionally has a CVCCv3 base rating of 9.8. It goes with out saying that these impacted by these vulnerabilities ought to patch as quickly as attainable.
Oracle
Software program big Oracle has released patches for a whopping 327 safety vulnerabilities, 70 of that are rated as having a crucial influence. Worryingly, 200 of the problems patched in January may be exploited by a distant unauthenticated attacker.
Oracle is recommending that individuals replace their programs as quickly as attainable, warning that it has obtained reviews of “makes an attempt to maliciously exploit vulnerabilities for which Oracle has already launched safety patches.”
In some cases, it has been reported that attackers have been profitable as a result of focused prospects had failed to use out there Oracle patches, it says.
SAP
SAP’s January Patch Day has seen the discharge of 12 new and up to date safety notes. With a CVSS rating of 9.0, CVE-2023-0014 is rated as essentially the most extreme bug by safety agency Onapsis. The flaw impacts nearly all of all SAP prospects and its mitigation is a problem, Onapsis says.
The capture-replay vulnerability is a danger as a result of it might permit malicious customers to acquire entry to an SAP system. “Full patching of the vulnerability contains making use of a kernel patch, an ABAP patch, and a guide migration of all trusted RFC and HTTP locations,” Onapsis explains.
