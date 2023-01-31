



Android security patches are available for Google’s Pixel devices, which receive their own updates, and for Samsung’s Galaxy series, including the Samsung Galaxy Note 10, Galaxy S21, and Galaxy A73. You can check for updates in your settings.

Microsoft Patch Tuesday

Microsoft fixed 98 critical security issues in its first Patch Tuesday of the year. This includes vulnerabilities that have already been exploited.

By exploiting the bug, an attacker could gain system privileges, Microsoft wrote, and confirmed that the flaw was detected in a live attack.

Another privilege escalation vulnerability in the Windows Credential Manager user interface, CVE-2023-21726, is relatively easy to exploit and does not require user interaction.

In January’s Patch Tuesday, Microsoft also fixed nine Windows kernel vulnerabilities. Eight of them are elevation of privilege issues and one is an information disclosure vulnerability.

Mozilla Firefox

Software company Mozilla has released a significant update to its Firefox browser. The most serious of the flaws it fixes have been the subject of an alert by the US Cybersecurity and Infrastructure Security Agency (CISA).

Of the 11 flaws fixed in Firefox 109, four are rated high impact, including CVE-2023-23597, a logic bug in process allocation that could allow an adversary to read arbitrary files. Meanwhile, Mozilla said its security team found memory safety bugs in Firefox 108. Some of these bugs show evidence of memory corruption, and it is speculated that some could have been exploited to execute arbitrary code with enough effort.

An attacker could exploit some of these vulnerabilities to take control of an affected system, CISA said in its advisory. CISA recommends that users and administrators review Mozilla’s Security Advisories for Firefox ESR 102.7 and Firefox 109 for more information and apply any necessary updates.

VMware

Enterprise software maker VMware has released a security advisory detailing four flaws affecting its VMware vRealize Log Insight product. The first, tracked as CVE-2022-31706, is a directory traversal vulnerability with a CVSSv3 base score of 9.8. By exploiting the vulnerability, an unauthenticated malicious actor could inject files into the affected appliance’s operating system, resulting in remote code execution (RCE), according to VMware.

Meanwhile, the broken access control RCE vulnerability tracked as CVE-2022-31704 also has a CVSSv3 base score of 9.8. It goes without saying that those affected by these vulnerabilities should apply patches as soon as possible.

Oracle

Software giant Oracle has released patches for a whopping 327 security vulnerabilities, 70 of which are rated as having a critical impact. Worryingly, 200 of the issues patched in January could be exploited by remote, unauthenticated attackers.

Oracle warns that it has received reports of attempts to exploit vulnerabilities for which Oracle has already released security patches, and recommends updating systems as soon as possible.

In some cases, attacks have been reported to be successful because the targeted customers were unable to apply available Oracle patches.

SAP

SAP’s January Patch Day saw the release of 12 new and updated security notes. With a CVSS score of 9.0, CVE-2023-0014 has been rated the most critical bug by security firm Onapsis. The vulnerability affects the majority of all SAP customers, making mitigation a challenge, Onapsis said.

Capture-replay vulnerabilities are dangerous because they can allow malicious users to gain access to your SAP system. Full vulnerability patching involves applying kernel patches, ABAP patches, and manual migration of all trusted RFC and HTTP destinations, Onapsis explains.

