Microsoft Security Update: Edge, Teams and Skype Get Fixes for Zero-Day Bugs in Open-Source Libraries
Last month, Google patched a zero-day vulnerability in Chrome that was exploited by a commercial spyware vendor. Apple also fixed two zero-day vulnerabilities actively being used to deliver Israel-based NSO Group’s Pegasus spyware on iPhones.
San Francisco, October 5: Tech giant Microsoft has released key security updates for Edge, Teams, and Skype to patch two zero-day vulnerabilities in open-source libraries. The two zero-day vulnerabilities were discovered last month, and both bugs have been actively exploited to target individuals with spyware, according to researchers at Google and Citizen Lab.The vulnerabilities were discovered in two common open source libraries, webp and libvpx. In a brief statement, Microsoft said it had rolled out fixes addressing the two vulnerabilities in the webp and libvpx libraries. X CEO Linda Yaccarino Contradicts Elon Musk’s Statement, Says Platform Seeing 500 Million Posts Daily.
“Microsoft is aware and has released patches associated with the two Open-Source Software security vulnerabilities, CVE-2023-4863 and CVE-2023-5217. Through our investigation, we found that these affect a subset of our products and we have addressed them in our products,” the company said in a security update. While the CVE-2023-4863 security patch addressed the bug in Microsoft Edge, Microsoft Teams for Desktop, Skype for Desktop and Webp Image Extensions, the CVE-2023-5217 patch was issued for Microsoft Edge. Google Pixel 8, Google Pixel 8 Pro, Pixel Watch 2 Now Available For Pre-Orders in India, Know Price and Other Details Here.
However, Microsoft declined to say if its products had been exploited in the wild, or if the company has the ability to know, reports TechCrunch. Last month, Google patched a zero-day vulnerability in Chrome that was exploited by a commercial spyware vendor. Apple also fixed two zero-day vulnerabilities actively being used to deliver Israel-based NSO Group’s Pegasus spyware on iPhones. Internet watchdog group Citizen Lab, while checking the device of an individual employed by a Washington D.C.-based civil society organisation with international offices, had found the zero-click vulnerability. Citizen Lab immediately disclosed the findings to Apple and assisted in their investigation. Apple issued two CVEs related to this exploit chain (CVE-2023-41064 and CVE-2023-41061).
(The above story first appeared on LatestLY on Oct 05, 2023 12:59 PM IST. For more news and updates on politics, world, sports, entertainment and lifestyle, log on to our website latestly.com).