Multiple security vulnerabilities were fixed with the release of patches from Apple, Microsoft, and others. Several of these issues have been exploited by attackers.
In the past month, there have been many important updates.
There are two operating systems for the Apple iPad and Apple iOS.
All users are recommended to apply for the new iPadOS 16. 1.1. You can assume that the two security vulnerabilities patched in the patch are serious.
There are two flaws in the libxml2 software library that could allow an attacker to execute code remotely. Both issues were reported by security researchers.
The flaws were fixed by macOS Ventura.
It is thought that neither vulnerability has been exploited by attackers, so it is a good idea to apply the update as soon as possible.
The Windows operating system is powered by Microsoft.
There were four zero day vulnerabilities patched in Microsoft's November Patch Tuesday.
There is a vulnerability in Windows that could allow a cybercriminal to gain system privileges. An adversary could gain control of the system if they were able to escalate privileges. There is a Windows script language vulnerability that can result in remote code execution. There is a vulnerability in Microsoft's Mark of the Web.
There is a mobile operating system called "Android."
Some of the vulnerabilities that were patched in November are serious, with more than one update arriving in November. A high-severity vulnerability in the Framework component is at the top of the list.
Two updates for the Media Framework components are included in the November patches. Five issues were fixed by the company.
The third- and fourth- generation of theGalaxy foldables have begun to receive the updates. The update can be checked in your settings.
It is possible to use the chrome browser.
The world's most popular browser continues to be a major target for attackers, with this month fixing its eighth zero day vulnerability this year.
A heap buffer overflow in the graphics processing unit has been reported by a researcher in the threat analysis group. The exploit for CVE-2022-4135 exists in the wild, according to the search engine.
Six of the 10 Chrome vulnerabilities that were fixed earlier in the month are rated as high susceptibility. Four use-after-free bugs are included. There are two issues in V8 and a heap buffer overflow in CrashPad.
There is a browser called MozillaFirefox.
It was a big month for the browser. Eight of the 19 security vulnerabilities that have been fixed are marked as having a high impact.
One of the most important patches is for a full-screen notification bypass that could allow an attacker to cause a window to go full-screen. This could lead to spoofing attacks. There are several use-after-free bugs that could lead to crashes and one flaw that could be exploited.
It's possible to use VMWare.
Three of the security vulnerabilities in the VMware Workspace ONE Assist have a base score of 9 or higher. There is a vulnerability in the system. VMWare warned that a malicious actor with network access could be able to get administrative access without the need for a password.
A broken method vulnerability could allow a malicious actor with network access to get admin access.