March brought significant security update announcements from major technology companies, including Apple, Google, and Mozilla, aimed at patching a range of vulnerabilities across their platforms and products.
Apple iOS updates
Apple was active in March, releasing iOS 17.4 early in the month to address over 40 vulnerabilities, including two critical issues that had been exploited in real-world attacks. The first, identified as CVE-2024-23225, was a vulnerability in the iPhone kernel that could let attackers circumvent memory protections. The second, CVE-2024-23296, found in RTKit, could also allow kernel memory protection bypasses. Apple followed up with iOS 17.4.1, targeting two additional vulnerabilities (both marked as CVE-2024-1580) that could lead to code execution via malicious images. Complementary updates for Safari, macOS Sonoma, and macOS Ventura were also released.
Google Chrome security fixes
Google addressed several vulnerabilities in Chrome with two sets of updates in March. An update mid-month resolved 12 issues, including a high-severity problem in V8 (CVE-2024-2625) and several medium-severity vulnerabilities. The month’s end saw fixes for seven more security issues, notably including a critical use-after-free flaw in ANGLE (CVE-2024-2883) and other high-severity bugs. Importantly, two of the vulnerabilities fixed were exploited during the Pwn2Own 2024 hacking contest, emphasizing the need for immediate updates.
Mozilla Firefox patches
Mozilla also had a busy March, especially with the patching of two zero-day vulnerabilities exploited at Pwn2Own, marked as CVE-2024-29943 and CVE-2024-29944, both considered critical. Additionally, Firefox 124 was released to address a dozen security issues, including a sandbox-escape flaw on Windows (CVE-2024-2605) and critical-rated memory safety bugs (CVE-2024-2615).
Google Android security bulletin
The March Security Bulletin for Android tackled nearly 40 issues, with two critical bugs in its system component highlighted for immediate attention: a remote code-execution flaw (CVE-2024-0039) and an elevation-of-privilege vulnerability (CVE-2024-23717). The updates also covered several privilege-elevation issues and a denial-of-service issue, and are now available for Pixel devices and select Samsung Galaxy models.
Microsoft’s Patch Tuesday
March saw Microsoft addressing over 60 security vulnerabilities on its Patch Tuesday. Among them were CVE-2024-21334, a critical remote code-execution vulnerability in the Open Management Infrastructure (OMI), and two Hyper-V issues: CVE-2024-21407, a remote code-execution flaw, and CVE-2024-21408, a denial-of-service vulnerability. While these vulnerabilities had not been exploited in attacks, their severity ratings underscore the importance of applying these updates promptly.
Each of these updates reflects ongoing efforts by technology firms to safeguard users against evolving security threats. Users are advised to apply these updates as soon as possible to protect their devices and personal information.