Multiple big tech firms issued crucial security patches in March to fix major holes being used in real-life attacks. Microsoft’s March Patch Tuesday was a big one, while Google Android users should be looking out for the latest update—particularly if they own a Samsung device.

Apple has also released a new round of patches to fix issues that include a zero-day flaw in older iPhones. Here’s what you need to know about all the patches issued in March. 

Apple iOS updates continue to come thick and fast, with the iPhone maker releasing iOS and iPadOS 16.4 in March. The update comes with a bunch of new features, along with a rather hefty 33 fixes for iOS security vulnerabilities. Some of the bugs fixed in iOS 16.4 are pretty serious, although none are known to have been used in attacks. 

Among the notable bugs are flaws in WebKit, the engine that powers the Safari browser, and in the Kernel at the heart of the iPhone operating system, according to Apple’s support page. 

Tracked as CVE-2023-27969 and CVE-2023-27933, the two Kernel exploits could allow an attacker to execute code. Meanwhile, Apple fixed a Sandbox issue tracked as CVE-2023-28178 that could allow an app to bypass privacy preferences.

While the iOS 16.4 patches haven’t been used in attacks, Apple also released iOS 15.7.4 for older iPhones to fix 16 issues, including an already exploited flaw. Tracked as CVE-2023-23529, the WebKit bug could lead to arbitrary code execution—although it requires some user interaction. The same issue was fixed in iOS 16.3.1 in February. 

Apple also released macOS Ventura 13.3, Safari 16.4, watchOS 9.4, tvOS 16.4, macOS Big Sur 11.7.5, macOS Monterey 12.6.4, macOS Monterey, and macOS Ventura 13.3.

March was a big Patch Tuesday for Microsoft, with the software giant releasing fixes for over 80 flaws, one of which is already being used in attacks. With a CVSS score of 9.8, CVE-2023-23397 is a critical issue in Microsoft’s Outlook that has apparently been used in attacks by Russia-linked cybercriminals. Microsoft also issued a detection script to help people spot the attack.

Microsoft said in an advisory that an attacker who successfully exploited this vulnerability could access a user’s Net-NTLMv2 hash, which could then be used in relay attacks. “The attacker could exploit this vulnerability by sending a specially crafted email which triggers automatically when it is retrieved and processed by the Outlook client,” the firm said, adding that it could lead to exploitation even before the email is viewed in the Preview Pane.

Google-owned threat intelligence company Mandiant later claimed that the vulnerability has been exploited for nearly a year in attacks targeting companies and critical infrastructure.

The Google Android March security bulletin includes fixes for more than 50 security issues. The most severe is a critical vulnerability in the System component that could lead to remote code execution with no additional execution privileges needed. User interaction is not required for exploitation, Google said.

Google also patched eight issues in the Framework marked as having a high severity, which could lead to privilege escalation without any user interaction.