HACKINTOSH.ORG | Macintosh discussion forums

Macintosh News => Apple News => Topic started by: HCK on March 16, 2022, 04:05:11 pm



Title: macOS Big Sur, Catalina updates bring a bundle of critical security fixes
Post by: HCK on March 16, 2022, 04:05:11 pm
macOS Big Sur, Catalina updates bring a bundle of critical security fixes

<div id="link_wrapped_content">
<body><section class="wp-block-bigbite-multi-title"><div class="container"></div></section><p>Apple started the week with a bang by releasing macOS Monterey 12.3 with several new features, including Universal Control, enhanced Spatial Audio support, and an LGBTQ Siri voice, but older Macs got an update that&rsquo;s just as important.&nbsp;While short on new features, <a href="https://go.redirectingat.com/?id=111346X1569486&amp;url=https://support.apple.com/en-us/HT213184&amp;xcust=1-1-623104-1-0-0&amp;sref=https://www.macworld.com/feed" rel="nofollow">macOS Big Sur 11.6.5[/url] and <a href="https://go.redirectingat.com/?id=111346X1569486&amp;url=https://support.apple.com/en-us/HT213185&amp;xcust=1-1-623104-1-0-0&amp;sref=https://www.macworld.com/feed" data-type="URL" data-id="https://support.apple.com/en-us/HT213185" rel="nofollow">Security Update 2022-003 Catalina[/url] each contain more than a dozen security patches, among other fixes. Among the updates are several that could lead to arbitrary code execution, including:</p>



<p><strong>Accelerate Framework</strong></p>



<ul><li><strong>Available for:</strong>&nbsp;macOS Big Sur</li><li><strong>Impact:</strong>&nbsp;Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution</li><li><strong>Description:</strong>&nbsp;A memory corruption issue was addressed with improved state management.</li><li><strong>CVE-2022-22633:</strong>&nbsp;an anonymous researcher</li></ul><p><strong>AppleScript</strong></p>



<ul><li><strong>Available for:</strong>&nbsp;macOS Big Sur, macOS Catalina</li><li><strong>Impact: </strong>Processing a maliciously crafted file may lead to arbitrary code execution</li><li><strong>Description:</strong> A memory corruption issue was addressed with improved validation.</li><li><strong>CVE-2022-22597:</strong> Qi Sun and Robert Ai of Trend Micro</li></ul><p><strong>Intel Graphics Driver</strong></p>



<ul><li><strong>Available for:</strong> macOS Big Sur, macOS Catalina</li><li><strong>Impact:</strong> An application may be able to execute arbitrary code with kernel privileges</li><li><strong>Description: </strong>A type confusion issue was addressed with improved state handling.</li><li><strong>CVE-2022-22661:</strong> an anonymous researcher, Peterpan0927 of Alibaba Security Pandora Lab</li></ul><p><strong>Kernel</strong></p>



<ul><li><strong>Available for: </strong>macOS Big Sur, macOS Catalina</li><li>I<strong>mpact:</strong> An application may be able to execute arbitrary code with kernel privileges</li><li><strong>Description: </strong>An out-of-bounds write issue was addressed with improved bounds checking.</li><li><strong>CVE-2022-22613:</strong> Alex, an anonymous researcher</li></ul><ul><li><strong>Available for:</strong> macOS Big Sur, macOS Catalina</li><li><strong>Impact: </strong>An application may be able to execute arbitrary code with kernel privileges</li><li><strong>Description:</strong> A use after free issue was addressed with improved memory management.</li><li><strong>CVE-2022-22615:</strong> an anonymous researcher</li><li><strong>CVE-2022-22614:</strong> an anonymous researcher</li></ul><p>There are also QuickTime Player, Siri, and WebKit fixes. We recommend running the update as soon as possible.</p>



<p>To download the latest update to your Mac, open the System Preferences app, then click Software Update, and Update Now.</p>
</body></div>

Source: macOS Big Sur, Catalina updates bring a bundle of critical security fixes (https://www.macworld.com/article/623104/macos-big-sur-catalina-security-updates.html)