Top 5 This Week

Related Posts

December 2023 Security updates Tech Giants

Getting your Trinity Audio player ready...

December 2023 Security Updates Across Major Tech Platforms

The month of December 2023 was pivotal for cybersecurity, marked by critical security updates from leading tech companies. This comprehensive review focuses on the December 2023 Security Updates, offering a detailed look at the essential patches released by industry giants like Apple, Google, and Microsoft.

Apple’s Proactive Measures in iOS Security

Apple’s commitment to device security was evident in December with the release of iOS 17.2. This significant update, featuring the innovative Journal app, addressed 12 security vulnerabilities, including the notorious CVE-2023-42890CVSSv3 score: 8.8 in the WebKit browser engine. Notably, CVE-2023-4291CVSSv3 score: 9.8, a flaw in the iPhone’s Kernel, raised concerns as it could potentially allow apps to escape their secure sandboxes.

Additionally, the update tackled two critical vulnerabilities in ImageIO, coded CVE-2023-42898CVSSv3 score: 5.5 and CVE-2023-42899CVSSv3 score: 7.8, which could have led to arbitrary code execution. The iOS 17.2 update also introduced preventative measures against Bluetooth-based cyber attacks, notably those involving the Flipper Zero penetration testing tool. This move was particularly aimed at mitigating a specific denial of service attack that could overwhelm an iPhone with pop-ups.

Google Android’s Extensive Security Overhaul

In December 2023, Google’s Android platform saw one of its most significant security bulletins, addressing nearly 100 security issues. The updates included patches for two critical vulnerabilities in the Framework, one of which, the much-discussed CVE-2023-40088CVSSv3 score: 8.8, posed a risk of remote code execution without requiring any user interaction. Similarly, CVE-2023-40078CVSSv3 score: 9.8, an elevation of privilege bug, was also rectified.

Google’s WearOS wasn’t left behind, with an update fixing CVE-2023-40094CVSSv3 score: 7.8, another elevation of privilege flaw. As of writing, the Pixel Security Bulletin detailing further updates was anticipated but not yet released.

Google Chrome’s Emergency Patch

Google also made headlines with an emergency fix for its Chrome browser, addressing the eighth zero-day vulnerability of the year, CVE-2023-7024CVSSv3 score: 8.8. This heap buffer overflow issue, found in the WebRTC component, was notable for being actively exploited in the wild. Earlier in the month, Chrome 120 was released, patching ten security flaws, including two high-severity issues, CVE-2023-6508CVSSv3 score: 8.8 and CVE-2023-6509CVSSv3 score: 8.8.

Microsoft’s Critical Fixes and Patches

Microsoft’s December Patch Tuesday was a crucial event, with over 30 vulnerabilities addressed. This included the high-priority CVE-2023-36019CVSSv3 score: 7.4, a spoofing vulnerability in the Microsoft Power Platform Connector. Another critical fix was for CVE-2023-35628CVSSv3 score: 8.1, a Windows MSHTML Platform RCE bug, highlighting the importance of prompt patch application.

Mozilla Firefox: Strengthening Browser Security

Mozilla’s Firefox browser received substantial fortification against vulnerabilities, with 18 security issues fixed. Among these, CVE-2023-6856CVSSv3 score: 8.8, a high-severity heap-buffer-overflow vulnerability, posed a significant risk for RCE – remote code execution.

Apache and Atlassian: Addressing Critical RCE Vulnerabilities

The Apache Software Foundation responded to a critical flaw in its Struts 2 framework, marked as CVE-2023-50164CVSSv3 score: 9.8. Meanwhile, Atlassian released a patch for a critical RCE vulnerability in Confluence Data Center and Server, identified as CVE-2023-22522CVSSv3 score: 8.8.

SAP’s Security Enhancements

SAP’s December Security Patch Day was noteworthy, especially for addressing four critical escalation-of-privilege bugs in its Business Technology Platform. The most severe, CVE-2023-49583CVSSv3 score: 9.8, underscored the importance of maintaining robust security measures in enterprise software.

As we reflect on the array of updates released in December 2023, the significance of timely patching and staying informed about security vulnerabilities cannot be overstated. These updates not only patch existing vulnerabilities but also enhance the overall resilience of our digital infrastructure against emerging threats.

For more in-depth analysis and continuous updates on cybersecurity, visit Cyber Cogeanu.

Cogeanu Marius
Cogeanu Marius
Marius Cogeanu is a distinguished IT consultant and cybersecurity virtuoso based in Prague, Czechia. With a rich 20-year journey in the IT realm, Marius has carved a niche in network security and technological solutions, adeptly harmonizing tech with business requirements. His experience spans from Kyndryl to IBM, and as a valued independent consultant, where he's renowned for his innovative approaches in enhancing business operations with cutting-edge tech.Marius's forte lies in demystifying complex IT concepts, ensuring clarity and alignment for stakeholders at all levels. His commitment to staying at the forefront of industry trends and seeking innovative solutions cements his status as a go-to expert in cybersecurity. Driven by a fervent passion for technology and its potential to revolutionize businesses, Marius thrives on tackling challenging ventures, applying his prowess in network design, IT service management, and strategic planning.Currently, Marius is focused on leading-edge IT project management, infrastructure design, and fortifying cybersecurity, guiding clients through the intricate digital landscape with unmatched expertise and insight.Discover more on


Please enter your comment!
Please enter your name here

Popular Articles