CVE-2023-26083 is a matter in Arm Mali GPU driver for Bifrost, Avalon, and Valhall chips, rated as having a reasonable impression. The vulnerability was used to ship spy ware to Samsung gadgets in December 2022.

CVE-2021-29256 is a high-severity flaw that additionally impacts Bifrost and Midgard Arm Mali GPU kernel drivers.

The Android updates have already reached Google’s Pixel devices and a few of Samsung’s Galaxy range. Given the severity of this month’s bugs, it’s a good suggestion to verify whether or not the replace is offered and set up it now.

Google Chrome 115

Google has issued the Chrome 115 update for its common browser, fixing 20 safety vulnerabilities, 4 of that are rated as having a excessive impression. CVE-2023-3727 and CVE-2023-3728 are use-after-free bugs in WebRTC. The third flaw rated as having a excessive severity is CVE-2023-3730, a use-after-free vulnerability in Tab Groups, whereas CVE-2023-3732 is an out-of-bounds reminiscence entry bug in Mojo.

Six of the failings are listed as having a medium severity, and not one of the vulnerabilities are identified to have been utilized in real-life assaults. Even so, Chrome is a extremely focused platform, so verify your system for updates.

Firefox 115

Hot on the heels of Chrome 115, rival browser Mozilla has launched Firefox 115, fixing a number of flaws it charges as having excessive severity. Among these are two use-after-free bugs tracked as CVE-2023-37201 and CVE-2023-37202.

The privacy-conscious browser maker additionally fastened two reminiscence security bugs tracked as CVE-2023-37212 and CVE-2023-37211. The reminiscence security flaws are current in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12, Mozilla stated in an advisory, including: “Some of these bugs showed evidence of memory corruption, and we presume that with enough effort some of these could have been exploited to run arbitrary code.”

Citrix

Enterprise software program big Citrix has issued an replace warning after fixing a number of flaws in its NetScaler ADC (previously Citrix ADC) and NetScaler Gateway (previously Citrix Gateway) instruments, one in every of which has already been utilized in assaults.

Tracked as CVE-2023-3519, the already exploited flaw is an unauthenticated distant code execution vulnerability in NetScaler ADC and NetScaler Gateway that’s so extreme it’s been given a CVSS rating of 9.8. “Exploits of CVE-2023-3519 on unmitigated appliances have been observed,” Citrix said. “Cloud Software Group strongly urges affected customers of NetScaler ADC and NetScaler Gateway to install the relevant updated versions as soon as possible.”

The flaw was additionally the topic of an advisory from the US Cybersecurity and Infrastructure Security Agency (CISA), which warned that the bug was utilized in assaults on a crucial infrastructure group in June.

SAP

SAP, one other enterprise software program agency, has issued its July Security Patch Day, together with 16 safety fixes. The most extreme flaw is CVE-2023-36922, an OS command injection vulnerability with a CVSS rating of 9.1.

The bug permits an authenticated attacker to “inject an arbitrary operating system command into a vulnerable transaction and program,” safety agency Onapsis said. “Patching is strongly recommended, since a successful exploit of this vulnerability has a high impact on confidentiality, integrity, and availability of the affected SAP system,” it warned.

Meanwhile, CVE-2023-33989 is a listing traversal vulnerability in SAP NetWeaver with a CVSS rating of 8.7, and CVE-2023-33987 is a request smuggling and request concatenation vulnerability in SAP Web Dispatcher with a CVSS rating of 8.6.

Oracle

Software firm Oracle has launched its July Critical Patch Update Advisory, fixing 508 vulnerabilities in its merchandise. Among the fixes are 77 new safety patches for Oracle Communications. Oracle warned that 57 of those vulnerabilities could possibly be remotely exploited over a community with out consumer credentials. One of the worst flaws is CVE-2023-20862, which has been given a CVSS rating of 9.8.

Meanwhile, 147 of the Oracle patches had been for Financial Services, and Fusion Middleware obtained 60 fixes.

Oracle stated it continues to obtain studies of makes an attempt to use vulnerabilities it has already patched. In some circumstances, attackers had been profitable as a result of focused clients had failed to use obtainable Oracle patches, it stated. “Oracle, therefore, strongly recommends that customers remain on actively supported versions and apply Critical Patch Update security patches without delay.”