Apple macOS 12.2 Update With Bug Fixes Released To Compatible Macs

Last Updated on January 28, 2022 by Anu Joy

Apple has finally rolled out the stable macOS 12.2 update after the beta version was released last month. With a few other improvements, macOS 12.2 provides new MacBook Pro users with an improved scrolling experience. The update also includes a new native Apple Music app and claims to fix an important security issue with Safari. Let’s take a look at the latest macOS 12.2 update and find out what it has in store for us.

Apple macOS 12.2 Update Changelog

macOS 12.2 update has been rolled out to all users over-the-air (OTA). In order to update your Mac to the latest macOS 12.2 Update, you can head to System Preferences > Software update. From there, you can flash the latest update on your device.

Regarding the changelog, while the latest macOS 12.2 update does not come with many changes, it does include a security fix for Safari alongside a bunch of other improvements and bug fixes. The Safari exploit was first patched by Apple in iOS 15.3 and macOS 12.2 RC, along with the official release of the macOS 12.2 update. Furthermore, the new macOS 12.2 update improves scrolling in Safari with ProMotion for new MacBook Pro users. Additionally, this update adds a new, native Apple Music app.

In total, the latest macOS 12.2 update comes with as many as 13 security fixes:

AMD Kernel

Available for: macOS Monterey

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2022-22586: an anonymous researcher

ColorSync

Available for: macOS Monterey

Impact: Processing a maliciously crafted file may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved validation.

CVE-2022-22584: Mickey Jin (@patch1t) of Trend Micro

Crash Reporter

Available for: macOS Monterey

Impact: A malicious application may be able to gain root privileges

Description: A logic issue was addressed with improved validation.

CVE-2022-22578: an anonymous researcher

iCloud

Available for: macOS Monterey

Impact: An application may be able to access a user’s files

Description: An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization.

CVE-2022-22585: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab (https://xlab.tencent.com)

Intel Graphics Driver

Available for: macOS Monterey

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2022-22591: Antonio Zekic (@antoniozekic) of Diverto

IOMobileFrameBuffer

Available for: macOS Monterey

Impact: A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

Description: A memory corruption issue was addressed with improved input validation.

CVE-2022-22587: an anonymous researcher, Meysam Firouzi (@R00tkitSMM) of MBition – Mercedes-Benz Innovation Lab, Siddharth Aeri (@b1n4r1b01)

Kernel

Available for: macOS Monterey

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2022-22593: Peter Nguyễn Vũ Hoàng of STAR Labs

Model I/O

Available for: macOS Monterey

Impact: Processing a maliciously crafted STL file may lead to unexpected application termination or arbitrary code execution

Description: An information disclosure issue was addressed with improved state management.

CVE-2022-22579: Mickey Jin (@patch1t) of Trend Micro

PackageKit

Available for: macOS Monterey

Impact: An application may be able to access restricted files

Description: A permissions issue was addressed with improved validation.

CVE-2022-22583: an anonymous researcher, Mickey Jin (@patch1t), Ron Hass (@ronhass7) of Perception Point

WebKit

Available for: macOS Monterey

Impact: Processing a maliciously crafted mail message may lead to running arbitrary javascript

Description: A validation issue was addressed with improved input sanitization.

CVE-2022-22589: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu of Palo Alto Networks (paloaltonetworks.com)

WebKit

Available for: macOS Monterey

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A use after free issue was addressed with improved memory management.

CVE-2022-22590: Toan Pham from Team Orca of Sea Security (security.sea.com)

WebKit

Available for: macOS Monterey

Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced

Description: A logic issue was addressed with improved state management.

CVE-2022-22592: Prakash (@1lastBr3ath)

WebKit Storage

Available for: macOS Monterey

Impact: A website may be able to track sensitive user information

Description: A cross-origin issue in the IndexDB API was addressed with improved input validation.

CVE-2022-22594: Martin Bajanik of FingerprintJS

The latest macOS update is currently being rolled out OTA to all eligible Mac devices and if you are using one of them, chances are that you must have received the update already. It is a pretty significant update when it comes to security fixes, and whenever you are planning on hitting the update button, make sure to keep a backup of your sensitive data. After all, it’s better safe than sorry.