Patches for the Week


by Artie Kaye

Fortinet, Google, Sophos, and Netgear have all released patches for various products this week.

Fortinet patches a flaw that could allow authentication bypass in their FortiOS.  The flaw is listed as CVE-2022-35843.
https://www.fortiguard.com/psirt/FG-IR-22-255

Google addressed 50+ vulnerabilities for Android.
https://source.android.com/docs/security/bulletin/2022-12-01

Seven bugs in Sophos Firewall are fixed.
https://www.sophos.com/en-us/security-advisories/sophos-sa-20221201-sfos-19-5-0

Netgear Nighthawk RAX30 (AX2400) routers are the last item.  The company has remediated a problem that could give unauthorized unrestricted access to the device. The flaw is listed as CVE-2022-4390.
https://kb.netgear.com/000065411/RAX30-Firmware-Version-1-0-9-90-Hot-Fix

It’s a good practice to remain on top of patching, to help protect yourself, and your customers.

https://www.securityweek.com/fortinet-patches-high-severity-authentication-bypass-vulnerability-fortios

https://www.securityweek.com/over-75-vulnerabilities-patched-android-december-2022-security-updates

https://www.darkreading.com/application-security/android-serves-up-slew-security-updates-4-critical

https://www.bleepingcomputer.com/news/security/android-december-2022-security-updates-fix-81-vulnerabilities/

https://www.securityweek.com/several-code-execution-vulnerabilities-patched-sophos-firewall

https://www.securityweek.com/netgear-neutralizes-pwn2own-exploits-last-minute-nighthawk-router-patches