Date: 2023-08-31

August saw a flurry of patch releases from big tech companies and their products, including Microsoft, Google Chrome, and Firefox. These patches fixed critical vulnerabilities, some of which were being actively exploited in attacks. While Apple iPhone updates were not released, several major enterprise fixes were made.

Microsoft’s August Patch Tuesday addressed numerous vulnerabilities, two of which were already being used in real-world attacks. One fix addressed a remote code execution (RCE) flaw in Windows Search that could bypass security features. Another flaw in .NET and Visual Studio could lead to denial of service. Six critical issues were fixed, including an RCE flaw in Outlook and RCE issues in the Microsoft Message Queuing service.

Google Chrome released multiple updates in August. The patches fixed high-impact vulnerabilities, such as type-confusion flaws in V8 and heap buffer overflow issues. A later update addressed issues including use-after-free bugs and out-of-bounds memory access issues.

Firefox also had a busy month, with more than a dozen vulnerabilities fixed in its August release. The patched issues ranged from high-rated bugs in Offscreen Canvas and popup notifications delay calculation to memory safety bugs with possible memory corruption that could have been exploited to run arbitrary code.

Google issued 40 updates for its Android operating system, including patches for critical flaws in the Framework, System, and Kernel components. These fixes addressed vulnerabilities that could lead to remote code execution and local escalation of privilege.

IT software maker Ivanti released several patches, including fixes for flaws being exploited in real-world attacks. One vulnerability allowed an attacker to write arbitrary files on the web application server, while another flaw could bypass admin authentication. Ivanti also discovered a vulnerability in Ivanti Sentry that gave unauthorized access to sensitive APIs.

Cisco also released patches for multiple vulnerabilities in its products, such as a vulnerability in the filesystem image parser that could cause a denial of service. SAP had a busy Security Patch Day in August, fixing multiple vulnerabilities in its products, including flaws in SAP PowerDesigner.

It is important to update your systems with these patches to ensure protection against potential exploits.

Sources:

– Microsoft Patch Tuesday: https://support.microsoft.com/en-us/topic/august-2023-security-updates-patch-tuesday-dfb9b5e7-c141-464b-8a62-00d8649e8765

– Google Chrome Releases: https://chromereleases.googleblog.com/

– Firefox Release Notes: https://www.mozilla.org/en-US/firefox/notes/

– Android Security Bulletin: https://source.android.com/security/bulletin

– Ivanti Patches: https://www.ivanti.com/security-advisory

– Cisco Security Advisories: https://tools.cisco.com/security/center/publicationListing.x

– SAP Security Notes: https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=570571609