Overview

 

Enterprise vulnerabilities as recorded in May 2022 affect operating systems, website browsers, exchange servers, office suites, and cloud services. Three zero-day vulnerabilities and six (6) critical CVEs observed are as follows:

1. CVE-2022-21972,
2. CVE-2022-22017,
3. CVE-2022-23270,
4. CVE-2022-26923,
5. CVE-2022-26931,
6. CVE-2022-26937.

Android vulnerabilities that were addressed with the google 2022-05-05 patch level are primarily high with critical bugs affecting the following components:

• Kernel
• MediaTek
• Qualcomm.

A. Mobile Devices:

1. Android:

Affected systems are susceptible to the following attacks:

• Remote Code Execution,
• Elevation of Privilege,
• Information Disclosure, and
• Denial of service.

Successful exploitation of these flaws may affect device stability, confidentiality, and overall performance.

A security fix

To mitigate these flaws, follow the steps here: https://support.google.com/android/answer/7680439

Further Details:

Google: https://source.android.com/security/bulletin/2022-05-01#mitigations

Vendor-specific details:

Nokia: https://www.nokia.com/phones/en_int/security-updates

Huawei: https://consumer.huawei.com/en/support/bulletin/2022/5/

Samsung: https://security.samsungmobile.com/workScope.smsb

2. Apple:

This vulnerability allows the processing of maliciously crafted web content and arbitrary code execution.

Affected Devices:

iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).

Further details here https://support.apple.com/en-us/HT213093

Update: iOS 15.3.1 iPADOS 15.3.1

The security fix has been released here. https://support.apple.com/en-gb/HT201222

B. Enterprise Devices:

1. Google ChromeOS Releases:

A number of updates for ChromeOS were released in May 2022. Details here: https://chromereleases.googleblog.com/2022/05

2. Vulnerabilities based on categories

Learn more about the vulnerabilities referred to in the documents below: