You need to update iOS, Android and Chrome right now
To find the update, you will need to check your device settings. Devices that have received the April Android update so far include Google’s Pixel devices and some third-party Android phones, including Samsung Galaxy A32 5G, A51, A52 5G, A53 5G, A71, S10 series, S20, Note20 series, Z Flip 5G, Z Flip3, Z Fold, Z Fold2 and Z Fold3, as well as the OnePlus 9 and OnePlus 9 Pro.
Google Chrome Emergency Updates
As the largest browser in the world with over 3 billion users, it’s no surprise that attackers are targeting Google Chrome. Browser-based attacks are particularly worrying because they can potentially be chained together with other vulnerabilities and used to take control of your device.
It’s been a particularly busy month for the team behind Google’s Chrome browser, which has received several security updates in the space of a few weeks. The latest, released in mid-April, fixes two issues, including a high-severity zero-day vulnerability, CVE-2022-1364, which is already being exploited by attackers.
Technical details aren’t available at this time, but the timing of the patch – just a day after it was reported – indicates it’s pretty serious. If you are using Chrome, your browser must now be on version 100.0.4896.127 to include the fix. You will need to restart Chrome after installing the update to ensure it activates.
The Chrome issue also affects other Chromium-based browsers, including Brave, Microsoft Edge, Opera, and Vivaldi, so if you’re using one, be sure to apply the patch.
But that’s not all. On April 27, Google announced another Chrome update, fixing 30 security vulnerabilities. None of them have yet been exploited, according to the company, but seven are classified as high risk. The update brings the browser to version 101.0.4951.41.
Oracle April 2022 Critical Patch Update
In mid-April, Oracle released its quarterly critical patch update, including 520 security fixes. Some of the issues addressed in the update are serious: 300 of them can be exploited remotely without authentication, and 75 security issues are classified as critical. Some of the Oracle patches fix CVE-2022-22965, aka Spring4Shell, a remote code execution (RCE) flaw in the Spring framework.
Microsoft’s Busy April Patch Tuesday
Microsoft had a major Patch Tuesday in April, releasing fixes for over 100 vulnerabilities, including 10 critical RCE flaws. One of the most prominent, CVE-2022-24521, is already being exploited by attackers, according to the company.
Reported by the NSA and CrowdStrike researchers, the Windows Common Log File System driver issue does not require human interaction to exploit and can be used to gain administrative privileges on a logged-in system. Other notable fixes include CVE-2022-26904, a publicly known issue, and CVE-2022-26815, a serious DNS server flaw.
Mozilla Thunderbird 91.8.0 Fixes
On April 5, Mozilla released a patch to address security issues in its Thunderbird email client as well as its Firefox browser. Details are scarce, but Thunderbird 91.8 fixes four vulnerabilities considered high impact, some of which could be exploited to execute arbitrary code.
Firefox ESR 91.8 and Firefox 99 also address several security issues.
WordPress Plugin Elementor Version 3.6.3
The Elementor website builder plugin for WordPress received a big security patch in April for a critical-rated vulnerability that could allow attackers to remotely execute code and effectively take control of a website.
Found by researchers at Plugin Vulnerabilities, the flaw was introduced to the plugin in version 3.6.0, released on March 22, the researchers said.
Although the attacker must be authenticated to exploit the issue, it is still quite serious as anyone connected to an affected website can exploit it. The update for Elementor’s 5 million users, version 3.6.3, should be applied as soon as possible.