Google has reportedly addressed nearly 100 security issues in Android devices. back in December 2023. This includes two critical flaws in the Framework and one of the vulnerabilities, CVE-2023-40088, could lead the user to remove the code execution. On the other hand, CVE-2023-40078 is an elevation of privilege flaw.
User interaction is not required to take advantage, and successful exploitation will lead to remote advancement of privileges. Google has further emphasized that the severity assessment is based on potential effects on the affected Android devices. The company has further started to release an update for its WearOS platform to fix an elevation of privilege bug (CVE-2023-40094).
Microsoft December Patch: Fixes for 30+ Vulnerabilities
Microsoft's December Patch addressed over 30 vulnerabilities, which include several remote code execution (RCE) flaws. One notable fix was CVE-2023-36019, which has been addressed as a spoofing vulnerability in Microsoft Power Platform Connector with a CVSS score of 9.6. The susceptibility could enable the attacker to use a malicious link, software, or other files to deceive the victim.
Apple's iOS 17.2 Release: Features and security patches
In December 2023, Apple released iOS 17.2, which is a significant upgrade featuring the Journal app and addressing 12 security patches. Among them was CVE-2023-42890, a vulnerability in the WebKit browser engine that could enable attackers to execute code. Additionally, Apple has identified a flaw in the iPhone's Kernel that could enable an app to break out of its secure sandbox, as mentioned on its support page of the company.
ALSO READ: Global iPhone users encounter cellular connectivity issues after iOS 17.2.1 update | Details
Inputs from IANS
