To find the update, you will need to check your device settings. Devices that have received the April Android update so far include Google’s Pixel devices and some third-party Android phones, including the Samsung Galaxy A32 5G, A51, A52 5G, A53 5G, A71, S10 series, S20 series, Note20 series, and Z Flip 5G, Z Flip3, Z Fold, Z Fold2, Z Fold3 as well as the OnePlus 9 and OnePlus 9 Pro.
Google Chrome Emergency Updates
Google Chrome is the world’s largest browser, with over 3 billion users, so it’s no surprise that attackers target it. Browser-based attacks are particularly worrying because they can potentially be chained with other vulnerabilities and used to take over your device.
It’s been a particularly busy month for the team behind Google’s Chrome browser, which has seen several security updates within weeks of each other. The latest version, released in mid-April, fixes two issues, including the highly dangerous zero-day vulnerability, CVE-2022-1364, which is already being used by attackers.
Technical details are not currently available, but the timing of the fix – just a day after it was reported – suggests it is very serious. If you’re using Chrome, your browser must now be at version 100.0.4896.127 to include the fix. You will need to restart Chrome after installing the update to make sure it is activated.
The Chrome issue also affects other Chromium-based browsers, including Brave, Microsoft Edge, Opera, and Vivaldi, so if you’re using one of those browsers, be sure to apply the patch.
But that is not all. On April 27, Google announced another Chrome update to fix 30 security vulnerabilities. None have been exploited yet, the company says, but seven have been rated as high risk. The update takes the browser to version 101.0.4951.41.
Oracle Critical Patch Update April 2022
In mid-April, Oracle released the quarterly Critical Patch Update, including a whopping 520 security fixes. Some of the issues fixed in the update are serious – 300 of them can be exploited remotely without authentication, and 75 security issues are rated as serious. Some Oracle patches address CVE-2022-22965, also known as Spring4Shell, which is a Spring Framework remote code execution (RCE) bug.
Microsoft’s Busy April Patch Tuesday
Microsoft had a major Patch Tuesday in April, releasing fixes for more than 100 security vulnerabilities, including 10 critical RCE flaws. According to the company, one of the main ones, CVE-2022-24521, is already being exploited by attackers.
The NSA and researchers at CrowdStrike reported that the problem in the Windows Common Log File System driver does not require human interaction to be exploited and can be used to gain administrative privileges on a logged-in system. Other notable fixes include CVE-2022-26904, an issue that is publicly known, and CVE-2022-26815, a serious flaw in the DNS server.
Mozilla Thunderbird 91.8.0 Fix
On April 5, Mozilla released a patch to fix security issues in the Thunderbird email client as well as the Firefox browser. Details are scarce, but Thunderbird 91.8 fixes four vulnerabilities rated as high impact, some of which can be exploited to run arbitrary code.
Firefox ESR 91.8 and Firefox 99 also fix many security issues.
WordPress Plugin Elementor version 3.6.3
The Elementor website builder plugin for WordPress received a major security patch in April for a critically rated vulnerability that could allow attackers to execute remote code and effectively take over a website.
Researchers at Plugin Vulnerabilities found the flaw in the plugin version 3.6.0, which was released on March 22nd. “We recommend that this plug-in not be used until a thorough security review has been conducted and all issues have been addressed,” the researchers said.
Although the attacker must be authenticated to exploit the problem, it is still very dangerous because anyone logged into an affected website can exploit it. The update for the 5 million Elementor users, version 3.6.3, should be applied as soon as possible.
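The fixed versions named above can be checked against a software inventory. The following is an added example, not code from the article or any vendor; the inventory format, host names, and function names are assumptions made for illustration. It compares version components numerically, because a plain string comparison would wrongly rank Chrome 100.0.4896.88 above 100.0.4896.127.

```python
import re

# Fixed versions as stated in the article; the labels are descriptive only.
FIXED = {
    "chrome": [("CVE-2022-1364 zero-day fix", "100.0.4896.127"),
               ("April 27 update (30 fixes)", "101.0.4951.41")],
    "thunderbird": [("April 5 security fixes", "91.8.0")],
    "elementor": [("critical RCE fix", "3.6.3")],
}

def parse_version(text):
    """Turn '100.0.4896.127' into (100, 0, 4896, 127); reject anything else."""
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in text.split("."))

def is_at_least(installed, fixed):
    """Numeric comparison, padding the shorter version with zeros (91.8 == 91.8.0)."""
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(a) >= pad(b)

def missing_fixes(product, installed):
    """Return the labels of fixes the installed version does not yet include."""
    return [label for label, fixed in FIXED.get(product.lower(), [])
            if not is_at_least(installed, fixed)]

def audit(inventory_text):
    """Map (host, product) to missing fixes for lines of 'host product version'."""
    findings = {}
    for line in inventory_text.strip().splitlines():
        host, product, version = line.split()
        missing = missing_fixes(product, version)
        if missing:
            findings[(host, product)] = missing
    return findings

# Constructed sample inventory (hypothetical hosts, not real data).
SAMPLE = """
laptop-01 chrome 100.0.4896.88
laptop-02 chrome 100.0.4896.127
laptop-03 chrome 101.0.4951.41
mail-01 thunderbird 91.8
web-01 elementor 3.6.0
"""

if __name__ == "__main__":
    for (host, product), missing in audit(SAMPLE).items():
        print(host, product, "missing:", "; ".join(missing))
```

Other Chromium-based browsers use their own version numbering, so the Chrome thresholds here apply to Chrome only.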