Apple iOS, Google Android Patch Zero-Days in July Security Updates

The summer patch cycle shows no signs of slowing down, with tech giants Apple, Google, and Microsoft releasing multiple updates to fix flaws being used in real-life attacks. July also saw serious bugs squashed by enterprise software firms SAP, Citrix, and Oracle.

Here’s everything you need to know about the major patches released during the month.

Apple iOS and iPadOS 16.6

Apple had a busy July after issuing two separate security updates during the month. The iPhone maker’s first update came in the form of a security-only Rapid Security Response patch.

It was only the second time Apple had issued a Rapid Security Response, and the process was not as smooth as the first. On July 10, Apple released iOS 16.5.1 (a) to fix a single WebKit flaw already being used in attacks, but the iPhone maker quickly retracted it after discovering that the patch broke several websites for users. Apple reissued the update as iOS 16.5.1 (c) a few days later, at last fixing the WebKit issue without breaking anything else.

Later in the month, Apple’s major point upgrade iOS 16.6 appeared with 25 security fixes, including the already exploited WebKit bug patched in iOS 16.5.1 (c), tracked as CVE-2023-37450.

Among the other bugs squashed in iOS 16.6 are 11 in the Kernel at the core of the iOS operating system, one of which Apple said is already being used in attacks. The Kernel flaw is the third iOS issue discovered by security outfit Kaspersky as part of the zero-click “Triangulation spyware” attacks.

Apple also released iOS 15.7.8 for users of older devices, as well as iPadOS 16.6, Safari 16.6, macOS Ventura 13.5, macOS Monterey 12.6.8, macOS Big Sur 11.7.9, tvOS 16.6, and watchOS 9.6.

Microsoft

Microsoft’s July Patch Tuesday is an update to look out for because it fixes 132 vulnerabilities, including multiple zero-day flaws. First things first: One of the bugs detailed in the patch update, tracked as CVE-2023-36884, has not yet been fixed. In the meantime, the tech giant has offered steps to mitigate the already exploited flaw, which has apparently been used in attacks by a Russian cybercrime gang.

Other zero-day flaws included in Microsoft’s Patch Tuesday are CVE-2023-32046, a platform elevation of privilege bug in the MSHTML core Windows component, and CVE-2023-36874, a vulnerability in the Windows Error Reporting service that could allow an attacker to gain admin rights. Meanwhile, CVE-2023-32049 is an already exploited vulnerability in the Windows SmartScreen feature.

It goes without saying that you should update as soon as possible while keeping an eye out for the fix for CVE-2023-36884.

Google Android

Google has updated its Android operating system, fixing dozens of security vulnerabilities, including three it says “may be under limited, targeted exploitation.”

The first of the already exploited vulnerabilities is CVE-2023-2136, a remote code execution (RCE) bug in the System with a CVSS score of 9.6. The critical security vulnerability could lead to RCE with no additional privileges needed, according to the tech firm. “User interaction is not needed for exploitation,” Google warned.
