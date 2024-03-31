



It's time to check for software updates. March saw the release of important patches for Apple's iOS, Google's Chrome, and its privacy-focused competitor Firefox. Bugs have also been squashed by enterprise software giants like Cisco, VMware, and SAP.

Here's what you need to know about security updates issued in March.

Apple iOS

Apple made up for a slow February by issuing two separate patches in March. At the beginning of the month, the iPhone maker released iOS 17.4, fixing more than 40 flaws, including two issues that have already been used in real attacks.

The first, tracked as CVE-2024-23225, is a bug in the iPhone kernel that could allow an attacker to bypass memory protections. Apple is aware of reports that this issue may have been exploited, the iPhone maker said on its support page.

The second flaw, tracked as CVE-2024-23296, is in RTKit, a real-time operating system used in devices such as AirPods, and could allow an attacker to bypass kernel memory protections.

In late March, Apple released its second software update, iOS 17.4.1. This time, two flaws in iPhone software were fixed, both tracked as CVE-2024-1580. The issue patched in iOS 17.4.1 could allow an attacker to execute code if they persuade someone to interact with an image.

Shortly after the release of iOS 17.4.1, Apple released patches for other devices to fix the same bug: Safari 17.4.1, macOS Sonoma 14.4.1, and macOS Ventura 13.6.6.

Google Chrome

March was another busy month for Google, with the company fixing multiple flaws in its Chrome browser. In mid-month, Google released 12 patches, including a fix for CVE-2024-2625, a high severity object lifecycle issue in V8.

Moderate severity issues include CVE-2024-2626, an out-of-bounds read bug in Swiftshader; CVE-2024-2627, a use-after-free flaw in Canvas; and CVE-2024-2628, an improper implementation issue in downloads.

At the end of the month, Google issued seven security fixes, including a patch for a critical use-after-free flaw in ANGLE, tracked as CVE-2024-2883. Two additional use-after-free bugs, tracked as CVE-2024-2885 and CVE-2024-2886, have been given high severity ratings. CVE-2024-2887, on the other hand, is a type confusion flaw in WebAssembly.

The last two issues were exploited in the Pwn2Own 2024 hacking contest, so you should update your Chrome browser as soon as possible.

Mozilla Firefox

Mozilla's Firefox had a busy March after patching two zero-day vulnerabilities exploited at Pwn2Own. CVE-2024-29943 is an out-of-bounds access bypass issue and CVE-2024-29944 is a privileged JavaScript execution flaw in an event handler that can lead to a sandbox escape. Both issues are rated as having a significant impact.

Earlier this month, Mozilla released Firefox 124, which addresses 12 security issues, including the sandbox escape flaw CVE-2024-2605, which affects Windows operating systems. According to Mozilla, the attacker may have been able to escape the sandbox by using Windows Error Reporter to execute arbitrary code on the system.

CVE-2024-2615 covers memory safety bugs rated critical that were fixed in Firefox 124. Some of these bugs showed evidence of memory corruption, and Mozilla says it presumes that with enough effort they could have been exploited to execute arbitrary code.

Google Android

Google has released its March Android security bulletin, fixing nearly 40 issues in the mobile operating system, including two critical bugs in system components. CVE-2024-0039 is a remote code execution vulnerability and CVE-2024-23717 is an elevation of privilege vulnerability.

The most serious of these issues involves a critical security vulnerability in a system component that could allow remote code execution without additional execution privileges, Google said in the advisory.

