1. CVE-2022-44698

Severity - Medium

Windows SmartScreen Security Feature Bypass Vulnerability.

More details : https://vi.strobes.co/cve/CVE-2022-44698

Zero day references:

  1. https://www.zero-day.cz/database/738

Patch references:

  1. https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5021235
  2. https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5021233
  3. https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5021234
  4. https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5021249
  5. https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5021237
  6. https://www.cybersecurity-help.cz/vdb/SB2022121336
  7. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44698

2. CVE-2022-42856

Severity - High

A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.1.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1..

More details : https://vi.strobes.co/cve/CVE-2022-42856

Zero day references:

  1. https://www.zero-day.cz/database/740

Patch references:

  1. https://www.cybersecurity-help.cz/vdb/SB2022121376
  2. https://support.apple.com/en-us/HT213531
  3. https://support.apple.com/en-us/HT213532
  4. https://support.apple.com/en-us/HT213537
  5. https://support.apple.com/en-us/HT213516
  6. https://support.apple.com/en-us/HT213535

3. CVE-2022-42827

Severity - High

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

More details : https://vi.strobes.co/cve/CVE-2022-42827

Zeroday references: 

  1. https://www.zero-day.cz/database/726

Patch references:

  1. https://www.cybersecurity-help.cz/vdb/SB2022102435
  2. https://support.apple.com/en-us/HT213490
  3. https://support.apple.com/en-us/HT213489

4. CVE-2022-42856

Severity - High

Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

More details: https://vi.strobes.co/cve/CVE-2022-4262

Zero day references:

  1. https://www.zero-day.cz/database/736

Patch references:

  1. https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop.html
  2. https://www.cybersecurity-help.cz/vdb/SB2022120301
  3. https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
  4. https://crbug.com/1394403

5. CVE-2022-42475

Severity - Low

More details : https://vi.strobes.co/cve/CVE-2022-42475

Zero day references:

  1. https://www.zero-day.cz/database/737

Patch references:

  1. https://www.cybersecurity-help.cz/vdb/SB2022121216

Zero-Day Attack Prevention:

These exploits are unpredictable, zero-day protection is necessary. Here are some suggestions regarding how to safeguard your software and vulnerable programmes from zero-day attacks.

  • Once the security patches are available, update all programmes and software.
  • Web application software must be employed to secure the website. You are capable of precisely detecting attacks.
  • Install a security package for the internet. It often comprises default-deny protection, heuristic file analysis, smart anti-virus, and sandboxing techniques.
  • Operate on sites that are secured with Secure Socket Layer (SSL).
  • Go for multiple layer protection with Web application firewalls.
  • Protect the content of individual transmissions with the help of Virtual LANs.

Stay ahead of threats using Strobes:

Strobes will help you correlate data between vulnerability scans and vulnerability intelligence making sure to keep you updated whenever there is a zero-day in the wild. 

Schedule a demo to use our products Strobes VM365 and Strobes PTaaS.