April Patch Tuesday has rolled in to deliver 129 total Microsoft vulnerabilities, a number not seen since September of 2020. That’s far more than in any month in 2021 or so far in 2022. SecOps and ITOps teams will have their hands full this month with 10 critical vulnerabilities, including one exploited vulnerability (CVE-2022-24521) from Microsoft.
Adobe’s Patch Tuesday saw updates for Acrobat and Reader, Commerce, After Effects, and Photoshop. Without a doubt, Adobe’s updates are led by a massive update for Acrobat and Reader. The update fixes 62 vulnerabilities, including 35 critical arbitrary code execution vulnerabilities.
On April 5, Mozilla released security advisories for Thunderbird 91.8, Firefox ESR 91.8, and Firefox 99. These advisories all earned a High rating and comprised 13 unique CVEs in total.
On Thursday, March 31, Apple released patches to fix two zero-day vulnerabilities in macOS, iOS, and iPadOS. These include a vulnerability in AppleAVD (CVE-2022-22675) and a vulnerability in the Intel Graphics Driver (CVE-2022-22674).
On the morning of March 31, two critical remote code execution vulnerabilities were reported in the Spring Framework, a widely used open-source framework for Java. The vulnerabilities are CVE-2022-22963 and CVE-2022-22965, the latter being dubbed Spring4Shell. Additional information can be found in our blog here.