November, 2022: Patch Monday - Google Zero Days

Welcome to my November Patch Monday newsletter. It has been a really light month for patching. The biggest issue for us to look at is browsers. Since many browsers are Chromium-based, you'll want to pay attention to the updates released by Google this past month. Google released updates to Chrome for two zero-days in the past month. On October 27th they released an update addressing CVE-2022-3723. On November 24th they released another update addressing CVE-2022-4135. Both of these updates are rated "High" by Google, and they have reported that exploits for both of these CVEs exist in the wild. You'll want to make sure that Chrome gets updated and restarted to remediate any possibility of these flaws being exploited. Besides that, we have the standard updates to Mozilla and a few Apple products. The details for these are in the chart below.

So, without further ado, here’s the chart of non-Microsoft 3rd party patches that affect Windows platforms in the past month.

Patch data provided by:

| Identifier | Vendor/Product | Product Version Affected | Date Released by Vendor | Vulnerability Info | Vendor Severity / Our Recommendation |
|---|---|---|---|---|---|
| Multiple CVEs | Apple Xcode | Before 14.1 | 11/1/2022 | Information Disclosure, Arbitrary Code Execution, Privilege Escalation | Update after testing |
| Multiple CVEs | Apple iOS and iPadOS | Before 16.1.1 iOS; Before 16.1.1 iPadOS | 11/9/2022 | Arbitrary Code Execution | Update after testing |
| Multiple CVEs | Apple macOS | Ventura before 13.0.1 | 11/9/2022 | File Intrusion, Arbitrary Code Execution, Gain Information | Update after testing |
| Multiple CVEs | Google Chrome | Before 107.0.5304.121 | 11/24/2022 | Use After Free, Heap Buffer Overflow, Type Confusion | Update as soon as possible |
| Multiple CVEs | Mozilla Thunderbird | Before 102.5 | 11/15/2022 | Use After Free, Spoofing, Cross-Site Tracing, Keystroke Logging | Update after testing |
| Multiple CVEs | Mozilla Firefox | Before 107; ESR before 102.5 | 11/15/2022 | Use After Free, Spoofing, Cross-Site Tracing, Keystroke Logging | Update after testing |
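
An added example (not part of the original newsletter or the patch data provider's tooling): a small Python check of a software inventory against the Chrome, Firefox and Thunderbird fixed versions in the chart above. It compares versions numerically, since a plain string comparison would rank 107.0.5304.90 above 107.0.5304.121, and it keeps Firefox ESR on its own baseline. The inventory rows and the channel labels ("stable", "release", "esr") are constructed assumptions.

```python
# Added example; inventory rows are constructed, channel labels are assumed names.
import re

# Fixed versions from the chart: (product, channel) -> first patched version.
FIXED = {
    ("Google Chrome", "stable"): "107.0.5304.121",
    ("Mozilla Firefox", "release"): "107",
    ("Mozilla Firefox", "esr"): "102.5",
    ("Mozilla Thunderbird", "release"): "102.5",
}

def parse_version(text):
    """Turn '107.0.5304.121' into (107, 0, 5304, 121); reject non-numeric input."""
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in text.split("."))

def is_patched(installed, fixed):
    """Numeric, component-wise comparison; pads so that 107 equals 107.0.0."""
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    a, b = (v + (0,) * (width - len(v)) for v in (a, b))
    return a >= b

def status(product, channel, installed):
    fixed = FIXED.get((product, channel))
    if fixed is None:
        return "no baseline"
    try:
        return "ok" if is_patched(installed, fixed) else f"below {fixed}"
    except ValueError:
        return "unparseable"

def audit(inventory):
    """Return (host, product, installed, status) for rows that need attention."""
    rows = [(h, p, v, status(p, c, v)) for h, p, c, v in inventory]
    return [r for r in rows if r[3] != "ok"]

# Constructed sample inventory: (host, product, channel, installed version).
SAMPLE = [
    ("ws-01", "Google Chrome", "stable", "107.0.5304.90"),  # string compare passes this
    ("ws-02", "Google Chrome", "stable", "107.0.5304.121"),
    ("ws-03", "Mozilla Firefox", "esr", "102.5.0"),  # patched ESR, though below 107
    ("ws-04", "Mozilla Firefox", "release", "106.0.5"),
    ("ws-05", "Mozilla Thunderbird", "release", "102.4.2"),
]

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

A version read from disk only shows what is installed; Chrome still has to be restarted before the running browser is on the fixed build.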