Zero-days

Microsoft November 2022 Security Updates addresses 65 vulnerabilities (6 zero-days to include ProxyNotShell)

The Microsoft November 2022 Security Updates includes patches and advisories for 65 vulnerabilities, including 6 zero-days and 10 Critical severity issues.

CISA adds 8 vulnerabilities to Known Exploited Vulnerabilities Catalog (to include iOS and Chrome zero-days)

The Cybersecurity and Infrastructure Security Agency (CISA) has added 8 vulnerabilities to its Known Exploited Vulnerabilities Catalog, to include Apple iOS, Google Chrome, Cisco AnyConnect Secure, and Gigabyte vulnerabilities.

Apple releases new macOS Ventura 13, along with security updates for iOS zero-day and multiple Apple products

Apple has released new macOS Ventura 13, along with security updates for Apple iOS 16.1, iOS 15.7, macOS Monterey 12.6.1, macOS Big Sur 11.7.1, Safari 16.1, tvOS 16.1, and watchOS 9.1. One zero-day iOS vulnerability was also fixed.

Microsoft October 2022 Security Updates addresses 84 vulnerabilities (13 rated Critical, 2 zero-days)

The Microsoft October 2022 Security Updates includes patches and advisories for 84 vulnerabilities, including 2 zero-day and 13 Critical severity issues. However, the ProxyNotShell vulnerabilities were not addressed.

Microsoft update for Microsoft Exchange Server zero-day ProxyNotShell vulnerabilities

Microsoft has released a new security update for two Microsoft Exchange Server zero-day vulnerabilities (CVE-2022-41040 and CVE-2022-41082) dubbed “ProxyNotShell” under limited targeted attacks in the wild.

Apple patches vulnerabilities in iOS 16, iOS 15.7, macOS Monterey 12.6, Big Sur 11.7 and other products

Apple has released security updates for Apple iOS 16, iOS 15.7, macOS Monterey 12.6, macOS Big Sur 11.7, Safari 15.6, and other products. Apple also warned two zero-day vulnerabilities may have been exploited in the wild.