Overview
Enterprise vulnerabilities as recorded in May 2022 affect operating systems, website browsers, exchange servers, office suites, and cloud services. Three zero-day vulnerabilities and six (6) critical CVEs observed are as follows:
- CVE-2022-21972,
- CVE-2022-22017,
- CVE-2022-23270,
- CVE-2022-26923,
- CVE-2022-26931,
- CVE-2022-26937.
Android vulnerabilities that were addressed with the google 2022-05-05 patch level are primarily high with critical bugs affecting the following components:
- Kernel
- MediaTek
- Qualcomm.
A. Mobile Devices:
1. Android:
Affected systems are susceptible to the following attacks:
- Remote Code Execution,
- Elevation of Privilege,
- Information Disclosure, and
- Denial of service.
Successful exploitation of these flaws may affect device stability, confidentiality, and overall performance.
A security fix
To mitigate these flaws, follow the steps here: https://support.google.com/android/answer/7680439
Further Details:
Google: https://source.android.com/security/bulletin/2022-05-01#mitigations
Vendor-specific details:
Nokia: https://www.nokia.com/phones/en_int/security-updates
Huawei: https://consumer.huawei.com/en/support/bulletin/2022/5/
Samsung: https://security.samsungmobile.com/workScope.smsb
2. Apple:
This vulnerability allows the processing of maliciously crafted web content and arbitrary code execution.
Affected Devices:
iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).
Further details here https://support.apple.com/en-us/HT213093
Update: iOS 15.3.1 iPADOS 15.3.1
The security fix has been released here. https://support.apple.com/en-gb/HT201222
B. Enterprise Devices:
1. Google ChromeOS Releases:
A number of updates for ChromeOS were released in May 2022. Details here: https://chromereleases.googleblog.com/2022/05
2. Vulnerabilities based on categories
Learn more about the vulnerabilities referred to in the documents below: