Title: macOS Big Sur, Catalina updates bring a bundle of critical security fixes Post by: HCK on March 16, 2022, 04:05:11 pm macOS Big Sur, Catalina updates bring a bundle of critical security fixes
<div id="link_wrapped_content"> <body><section class="wp-block-bigbite-multi-title"><div class="container"></div></section><p>Apple started the week with a bang by releasing macOS Monterey 12.3 with several new features, including Universal Control, enhanced Spatial Audio support, and an LGBTQ Siri voice, but older Macs got an update that’s just as important. While short on new features, <a href="https://go.redirectingat.com/?id=111346X1569486&url=https://support.apple.com/en-us/HT213184&xcust=1-1-623104-1-0-0&sref=https://www.macworld.com/feed" rel="nofollow">macOS Big Sur 11.6.5[/url] and <a href="https://go.redirectingat.com/?id=111346X1569486&url=https://support.apple.com/en-us/HT213185&xcust=1-1-623104-1-0-0&sref=https://www.macworld.com/feed" data-type="URL" data-id="https://support.apple.com/en-us/HT213185" rel="nofollow">Security Update 2022-003 Catalina[/url] each contain more than a dozen security patches, among other fixes. Among the updates are several that could lead to arbitrary code execution, including:</p> <p><strong>Accelerate Framework</strong></p> <ul><li><strong>Available for:</strong> macOS Big Sur</li><li><strong>Impact:</strong> Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution</li><li><strong>Description:</strong> A memory corruption issue was addressed with improved state management.</li><li><strong>CVE-2022-22633:</strong> an anonymous researcher</li></ul><p><strong>AppleScript</strong></p> <ul><li><strong>Available for:</strong> macOS Big Sur, macOS Catalina</li><li><strong>Impact: </strong>Processing a maliciously crafted file may lead to arbitrary code execution</li><li><strong>Description:</strong> A memory corruption issue was addressed with improved validation.</li><li><strong>CVE-2022-22597:</strong> Qi Sun and Robert Ai of Trend Micro</li></ul><p><strong>Intel Graphics Driver</strong></p> <ul><li><strong>Available for:</strong> macOS Big Sur, macOS Catalina</li><li><strong>Impact:</strong> An application may be able to execute arbitrary code with kernel privileges</li><li><strong>Description: </strong>A type confusion issue was addressed with improved state handling.</li><li><strong>CVE-2022-22661:</strong> an anonymous researcher, Peterpan0927 of Alibaba Security Pandora Lab</li></ul><p><strong>Kernel</strong></p> <ul><li><strong>Available for: </strong>macOS Big Sur, macOS Catalina</li><li>I<strong>mpact:</strong> An application may be able to execute arbitrary code with kernel privileges</li><li><strong>Description: </strong>An out-of-bounds write issue was addressed with improved bounds checking.</li><li><strong>CVE-2022-22613:</strong> Alex, an anonymous researcher</li></ul><ul><li><strong>Available for:</strong> macOS Big Sur, macOS Catalina</li><li><strong>Impact: </strong>An application may be able to execute arbitrary code with kernel privileges</li><li><strong>Description:</strong> A use after free issue was addressed with improved memory management.</li><li><strong>CVE-2022-22615:</strong> an anonymous researcher</li><li><strong>CVE-2022-22614:</strong> an anonymous researcher</li></ul><p>There are also QuickTime Player, Siri, and WebKit fixes. We recommend running the update as soon as possible.</p> <p>To download the latest update to your Mac, open the System Preferences app, then click Software Update, and Update Now.</p> </body></div> Source: macOS Big Sur, Catalina updates bring a bundle of critical security fixes (https://www.macworld.com/article/623104/macos-big-sur-catalina-security-updates.html) |