Three of the latest vulnerabilities (CVE-2022-2856, CVE-2022-32893 and CVE-2022-32894) affecting Windows, Mac and Linux systems need to be patched asap
The team behind the Chrome browser has confirmed that a total of 11 vulnerabilities need to be patched up across Linux, Mac OS and Windows operating systems.
One of these vulnerabilities, CVE-2022-2856, is a zero day bug being exploited by cybercriminals to gain access to system resources and executer arbitrary code on compromised systems.
Readers who have not already done so, should ensure that all Chrome browsers in their systems are up to date either through automatic updating or manual intervention. On the Windows platform, the version of the patched browser should be 104.0.5112.101/104.0.5112.102, while on the Mac and Linux platforms, the patched version is 104.0.5112.101.
All desktop computer browsers that utilize the Chrome engine are also to be updated: this includes Microsoft Edge, Opera and Brave.
Additionally, on the Mac platform, Apple has pushed out emergency patches for its iPhones, iPads and desktop machines. A remote-code execute (RCE) hole dubbed CVE-2022-32893 in the firm’s HTML rendering software (WebKit) allows hackers to booby-trap a web page so that just opening it up on the affected Apple devices could lead to implantation of malware. According to Paul Ducklin, Senior Technologist, Sophos: “There is also a kernel code execution hole dubbed CVE-2022-32894, by which an attacker that has already gained a basic foothold on an Apple device could exploit the abovementioned WebKit bug and could jump from controlling just a single app on your device to taking over the operating system kernel itself, thus acquiring the sort of ‘administrative superpowers’ normally reserved for Apple itself.”
Even the firm’s watchOS for wearables needs to be patched, but users of their video box should not be cautious as not patch had been announced for tvOS at the time of writing.