Zero-day

Apple releases new macOS Ventura 13, along with security updates for iOS zero-day and multiple Apple products

Apple has released new macOS Ventura 13, along with security updates for Apple iOS 16.1, iOS 15.7, macOS Monterey 12.6.1, macOS Big Sur 11.7.1, Safari 16.1, tvOS 16.1, and watchOS 9.1. One zero-day iOS vulnerability was also fixed.

Microsoft update for Microsoft Exchange Server zero-day ProxyNotShell vulnerabilities

Microsoft has released a new security update for two Microsoft Exchange Server zero-day vulnerabilities (CVE-2022-41040 and CVE-2022-41082) dubbed “ProxyNotShell” under limited targeted attacks in the wild.

Google releases Chrome 104 security update with fixes for 11 vulnerabilities (1 zero-day CVE-2022-2856)

Google has released Chrome 104.0.5112.101 (Mac/Linux) and 104.0.5112.102/101 (Windows), with fixes for 11 vulnerabilities (one rated Critical and seven rated High severity). Additionally, one of the patches fixed a zero-day flaw CVE-2022-2856.

Google releases Chrome 103 security update with fix for zero-day vulnerability (CVE-2022-2294) exploited in the wild

Google has released Chrome 103.0.5060.114 for Windows with fixes for multiple vulnerabilities, to include one High severity zero-day (CVE-2022-2294) exploited in the wild.

Microsoft April 2022 Security Updates addresses 117 vulnerabilities (to include 2 zero-days) 

The Microsoft April 2022 Security Updates includes patches and advisories for 117 vulnerabilities, ten of those rated Critical and two zero-day flaws.

Mozilla patches 2 Critical Firefox zero-day security flaws under attack in the wild

The Mozilla Foundation has patched two Critical zero-day vulnerabilities in Firefox 97.0.2, Firefox ESR 91.6.1, Firefox for Android 97.3.0, and Focus 97.3.0. There are also reported attacks in the wild against each of these flaws.

Google releases Chrome 98 security update with fix for zero-day vulnerability (CVE-2022-0609) exploited in the wild

Google has released Chrome 98.0.4758.102 for Windows, Mac and Linux with fixes for multiple vulnerabilities, to include one zero-day (CVE-2022-0609) exploited in the wild.