• Send Us A Tip
  • Calling all Tech Writers
  • Advertise
Friday, July 18, 2025
  • Login
TechStory
  • News
  • Crypto
  • Gadgets
  • Memes
  • Gaming
  • Cars
  • AI
  • Startups
  • Markets
  • How to
No Result
View All Result
  • News
  • Crypto
  • Gadgets
  • Memes
  • Gaming
  • Cars
  • AI
  • Startups
  • Markets
  • How to
No Result
View All Result
TechStory
No Result
View All Result
Home Business

December Security Updates: A Comprehensive Roundup from Tech Giants

by Harikrishnan A
January 1, 2024
in Business, Markets, News, Tech, World
Reading Time: 3 mins read
0
Google Chrome Announces End of Third-Party Cookies: A Milestone in Online Privacy
TwitterWhatsappLinkedin

As December ends, major tech companies engaged in a race against time to fortify their products against critical vulnerabilities. Apple, Google, Microsoft, Mozilla, Apache, Atlassian, and SAP all stepped up to the plate, releasing crucial updates to bolster security. Here’s a detailed look at the significant updates from each of these companies during the bustling month.

You might also like

Zuckerberg, Meta Directors Settle $8 Billion Privacy Trial

Samsung Chairman Jay Y. Lee Cleared in 2015 Merger Case

Microsoft Salaries Revealed, AI Teams Earning More Than Ever Amid Strategic Shift

Apple iOS: Fortifying iOS 17.2 Against Threats

In the middle of December, Apple unleashed iOS 17.2, a substantial update introducing features like the Journal app. However, the spotlight was on the security front, with the release addressing pivotal vulnerabilities. A notable fix was CVE-2023-42890, targeting a flaw in the WebKit browser engine that could potentially allow unauthorized code execution. The update also tackled issues in the iPhone’s Kernel (CVE-2023-4291) and ImageIO (CVE-2023-42898 and CVE-2023-42899), averting potential security risks.

Additionally, iOS 17.2 implemented measures to thwart Bluetooth attacks using devices like Flipper Zero, a vulnerability highlighted by tests conducted by ZDNET and 9to5Mac. Subsequently, iOS 17.2.1, iOS 16.7.4, macOS Sonoma 14.2.1 were swiftly rolled out, addressing unspecified bug fixes and security concerns.

Google Android: Strengthening Security with a Robust Bulletin

Google’s December Security Bulletin for Android was a robust response, addressing nearly 100 security issues. The focus was on critical vulnerabilities in the Framework, with one posing a potential risk of remote escalation of privilege without requiring user interaction. Standout flaws included CVE-2023-40088, a critical flaw in the System leading to remote code execution, and CVE-2023-40078, an elevation of privilege bug.

WearOS, Google’s smart device platform, also received attention, with an update targeting CVE-2023-40094, an elevation of privilege flaw. Meanwhile, the Pixel Security Bulletin was anticipated at the time of reporting.

Google Chrome: Swift Action to Counter Zero-Day Vulnerability

December concluded with Google swiftly addressing an emergency in its Chrome browser – the eighth zero-day vulnerability of 2024. CVE-2023-7024, a heap buffer overflow issue in the WebRTC component, raised alarms as known exploits were reported in the wild. Earlier in the month, mid-month updates had already tackled nine security issues, including high-severity vulnerabilities such as CVE-2023-6702 and CVE-2023-6509.

Microsoft: A Vigorous December Patch Tuesday

Microsoft’s December Patch Tuesday was a proactive response to over 30 vulnerabilities, including several remote code execution (RCE) flaws. Critical fixes encompassed CVE-2023-36019, a spoofing vulnerability in Microsoft Power Platform Connector, and CVE-2023-35628, a critical Windows MSHTML Platform RCE bug. While no known exploits were reported, the urgency of promptly applying updates remained paramount.

Mozilla Firefox: A Focus on Security with 18 Fixes

Mozilla dedicated December to addressing 18 security vulnerabilities in its Firefox browser. Approximately one-third of these were categorized as high severity. Key issues included CVE-2023-6856, a heap-buffer-overflow affecting WebGL DrawElementsInstanced, and fixes for memory safety bugs like CVE-2023-6864 and CVE-2023-6873, holding the potential for arbitrary code execution.

Apache: Critical Patch for Struts 2 Framework

The Apache Software Foundation responded to a critical flaw in its Struts 2 open source developer framework (CVE-2023-50164). This vulnerability, carrying a CVSS score of 9.8, allowed attackers to manipulate file upload parameters, potentially leading to remote code execution. Swift action was advised, urging users to upgrade to Struts 2.5.33 or Struts 6.3.0.2 promptly.

Atlassian: Bolstering Security Against RCE Vulnerabilities

Atlassian, a stalwart in enterprise software, released patches targeting critical Remote Code Execution (RCE) vulnerabilities. CVE-2023-22522, a template injection vulnerability in Confluence Data Center and Server, stood out as critical with a CVSS score of 9. Users were strongly encouraged to update to the latest version to address this vulnerability. Other patches covered RCE vulnerabilities in the Atlassian macOS app, Assets Discovery, and a SnakeYAML library RCE issue impacting multiple products.

SAP: Fortifying Against Escalation-of-Privilege Bugs

SAP’s December Security Patch Day was dedicated to shoring up defenses against serious security flaws. The most critical were four escalation-of-privilege bugs in SAP Business Technology Platform. These bugs could empower an unauthenticated attacker to obtain arbitrary permissions, posing a high impact on confidentiality and integrity. Another concern, CVE-2023-42481, highlighted an improper access control vulnerability in SAP Commerce Cloud, emphasizing the need for users to promptly apply security updates.

In conclusion, December showcased the tech industry’s unwavering commitment to addressing security vulnerabilities. Users are strongly advised to remain vigilant and apply necessary patches promptly, ensuring the security of their systems and data in the evolving digital landscape.

Tags: ApacheAtlassianGoogleMicrosoftUS
Tweet56SendShare16
Previous Post

Samsung Galaxy S24 will be getting the support for AI Photo Editor

Next Post

How to Animate on Procreate

Harikrishnan A

Aspiring writer. Enjoys gaming, fried chicken and iced tea, preferably all together.

Recommended For You

Zuckerberg, Meta Directors Settle $8 Billion Privacy Trial

by Anochie Esther
July 18, 2025
0
Zuckerberg

In a sudden twist that ended what could have been a landmark courtroom showdown, Meta Platforms CEO Mark Zuckerberg and several current and former directors reached a settlement...

Read more

Samsung Chairman Jay Y. Lee Cleared in 2015 Merger Case

by Anochie Esther
July 18, 2025
0
Lee

In a pivotal ruling that removes a significant legal overhang, South Korea’s Supreme Court on July 17 cleared Samsung Electronics Chairman Jay Y. Lee of all charges related...

Read more

Microsoft Salaries Revealed, AI Teams Earning More Than Ever Amid Strategic Shift

by Anochie Esther
July 18, 2025
0
Microsoft

Amid significant layoffs and an aggressive pivot to artificial intelligence, Microsoft finds itself under the spotlight once again this time not for job cuts or corporate strategy, but...

Read more
Next Post
How to Animate on Procreate

How to Animate on Procreate

Please login to join discussion

Techstory

Tech and Business News from around the world. Follow along for latest in the world of Tech, AI, Crypto, EVs, Business Personalities and more.
reach us at [email protected]

Advertise With Us

Reach out at - [email protected]

BROWSE BY TAG

#Crypto #howto 2024 acquisition AI amazon Apple Artificial Intelligence bitcoin Business China cryptocurrency e-commerce electric vehicles Elon Musk Ethereum facebook funding Gaming Google India Instagram Investment ios iPhone IPO Market Markets Meta Microsoft News NFT samsung Social Media SpaceX startup startups tech technology Tesla TikTok trend trending twitter US

© 2024 Techstory.in

No Result
View All Result
  • News
  • Crypto
  • Gadgets
  • Memes
  • Gaming
  • Cars
  • AI
  • Startups
  • Markets
  • How to

© 2024 Techstory.in

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?