Google this week announced the release of Chrome 107 to the stable channel, with patches for 14 vulnerabilities, including high – severity issues among which ten security issues were reported externally: three was reported as high – severity, six medium – severity, and one low – severity issue.

To exploit these flaws, a remote attacker needs to trick a user into accessing a specially crafted webpage in a vulnerable browser. Successful exploitation could allow the attacker to execute arbitrary code or cause a denial-of-service (DoS) condition on the affected system.

A High severity Remote Code Execution vulnerability has been identified in Zoom applications.

The vulnerability is related to Improper URL parsing. An attacker could send malicious Zoom meeting URL which may redirect the user to connect to an arbitrary network and do lateral movements for remote code execution through launching executables from arbitrary paths.

Apple has released security update to address Zero-Day flaw in iOS and iPadOS which has been actively exploited in the wild.

The vulnerability is identified as Out-of-bounds write issue in the kernel, which could be abused by rouge application to execute arbitrary code with the highest privileges.

Successfully exploitation of vulnerability could allow potential attackers to execute arbitrary code with kernel privileges, which can result in data corruption, application crashes, or code execution.

Oracle Linux have released security patches which addressed multiple vulnerabilities in their various components. Advisory contains 89 patches out this 43 are remotely exploitable without any authentication. Attackers might could take advantage of these vulnerabilities for exploitation which could lead to remote code execution and lateral movements which could have an adversely impact on confidentiality, integrity of data and reputational loss.

Palo Alto Networks notifies about a high-severity authentication bypass vulnerability affecting the web interface of its PAN-OS 8.1 software. 

The security hole is tracked as CVE-2022-0030, According to the company, a network-based attacker with specific knowledge of the targeted firewall or Panorama appliance can impersonate an existing PAN-OS admin and perform privileged actions.

Adobe has rolled out numerous security fixes addressing around seven adobe products. The roll out has targeted products which are Experience Manager, Adobe Bridge, Adobe InDesign, Adobe Photoshop, Adobe InCopy, Adobe Animate, Adobe Illustrator. 

These updates address critical and important vulnerabilities that could lead to arbitrary code execution and memory leak. 

Microsoft release patched for 84 CVEs, with 13 rated as critical and 71 rated as important.

The actively exploited zero-day vulnerability fixed today is tracked as “CVE-2022-41033” which is related to Windows COM+ Event System Service Elevation of Privilege. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

Adobe has rolled out numerous security fixes and updates addressing more than 60 exploitable vulnerabilities in its products line, specifically, the Creative Cloud bundle. The roll out has targeted the following products: Bridge, InDesign, Photoshop, InCopy, Animate, and Illustrator.

A zero-day vulnerability has been identified in Apple iOS/iPadOS and in macOS which are exploited in the wild.

The vulnerability allows attacker to execute arbitrary code with kernel privileges. This could be used to alter devices and enabling an attacker to potentially install code such as spyware.