|

CSCC Patch Advisory Report: May 2022 Vol 1

Overview

Enterprise vulnerabilities as recorded in May 2022 affect operating systems, website browsers, exchange servers, office suites, and cloud services. Three zero-day vulnerabilities and six (6) critical CVEs observed are as follows:ย 

  1. CVE-2022-21972, 
  2. CVE-2022-22017, 
  3. CVE-2022-23270, 
  4. CVE-2022-26923, 
  5. CVE-2022-26931, 
  6. CVE-2022-26937. 

Android vulnerabilities that were addressed with the google 2022-05-05 patch level are primarily high with critical bugs affecting the following components: 

  • Kernelย 
  • MediaTek
  • Qualcomm.

A. Mobile Devices:

1. Android:

Affected systems are susceptible to the following attacks: 

  • Remote Code Execution,ย 
  • Elevation of Privilege,ย 
  • Information Disclosure, and
  • Denial of service.ย 

Successful exploitation of these flaws may affect device stability, confidentiality, and overall performance. 

A security fix

To mitigate these flaws, follow the steps here: https://support.google.com/android/answer/7680439 

Further Details:

Google: https://source.android.com/security/bulletin/2022-05-01#mitigations

Vendor-specific details:

Nokia: https://www.nokia.com/phones/en_int/security-updates 

Huawei: https://consumer.huawei.com/en/support/bulletin/2022/5/ 

Samsung: https://security.samsungmobile.com/workScope.smsb

2. Apple:

This vulnerability allows the processing of maliciously crafted web content and arbitrary code execution.

Affected Devices:

iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).

Further details here https://support.apple.com/en-us/HT213093 

Update: iOS 15.3.1 iPADOS 15.3.1

The security fix has been released here. https://support.apple.com/en-gb/HT201222 

B. Enterprise Devices:

1. Google ChromeOS Releases:

A number of updates for ChromeOS were released in May 2022. Details here: https://chromereleases.googleblog.com/2022/05 

2. Vulnerabilities based on categories

Learn more about the vulnerabilities referred to in the documents below: