
Apple, Google, and MOVEit Just Patched Serious Security Flaws


Summer software updates are coming thick and fast, with Apple, Google, and Microsoft issuing multiple patches for serious security flaws in June. Enterprise software firms have also been busy, with fixes released for scary holes in VMware, Cisco, Fortinet, and Progress Software’s MOVEit products.

A large number of the security bugs squashed during the month are being used in real-life attacks, so read on, take note, and patch your affected systems as soon as you can.

Apple

Hot on the heels of iOS 16.5, June saw the release of an emergency iPhone upgrade, iOS 16.5.1. The latest iPhone update fixes security vulnerabilities in WebKit, the engine that underpins Safari, and in the kernel at the heart of the iOS system.

Tracked as CVE-2023-32439 and CVE-2023-32434, both issues are code-execution bugs and have been used in real-life attacks, Apple said on its support page.

While details about the already exploited flaws are limited, security outfit Kaspersky revealed how the kernel issue was used to perform “iOS Triangulation” attacks against its staff. Impactful because they require no interaction from the user, the “zero click” attacks use an invisible iMessage with a malicious attachment to deliver spyware.

Apple has also issued iOS 15.7.7 for older iPhones, fixing the kernel and WebKit issues as well as a second WebKit flaw tracked as CVE-2023-32435, which was also reported by Kaspersky as part of the iOS Triangulation attacks.

Meanwhile, Apple released Safari 16.5.1, macOS Ventura 13.4.1, macOS Monterey 12.6.7, macOS Big Sur 11.7.8, watchOS 9.5.2 and watchOS 8.8.1.

Microsoft

Microsoft’s mid-June Patch Tuesday includes security updates for 78 vulnerabilities, including 28 remote code execution (RCE) bugs. While some of the issues are serious, it’s the first Patch Tuesday since March that doesn’t include any already exploited flaws.

The critical issues patched in the June update include CVE-2023-29357, an elevation of privilege vulnerability in Microsoft SharePoint Server with a CVSS score of 9.8. “An attacker who has gained access to spoofed JWT authentication tokens can use them to execute a network attack which bypasses authentication and allows them to gain access to the privileges of an authenticated user,” Microsoft said.

“The attacker needs no privileges, nor does the user need to perform any action,” it added.

Meanwhile, CVE-2023-32031 and CVE-2023-28310 are Microsoft Exchange Server remote code execution vulnerabilities that require an attacker to be authenticated to exploit.

Google Android

It’s time to update your Google Android device, as the tech giant has released its June Security Bulletin. The most serious issue fixed by Google is a critical security vulnerability in the System component, tracked as CVE-2023-21108, that could lead to RCE over Bluetooth with no additional execution privileges needed. Another flaw in the System component, tracked as CVE-2023-21130, is an RCE bug also marked as critical.

One of the issues patched in June’s update is CVE-2022-22706, a vulnerability in Arm components that the chipmaker fixed in 2022 after it had already been used in attacks.

