Apple has finally rolled out the stable macOS 12.2 update after the beta version was released last month. With a few other improvements, macOS 12.2 provides new MacBook Pro users with an improved scrolling experience. The update also includes a new native Apple Music app and claims to fix an important security issue with Safari. Let’s take a look at the latest macOS 12.2 update and find out what it has in store for us.
Apple macOS 12.2 Update Changelog
macOS 12.2 update has been rolled out to all users over-the-air (OTA). In order to update your Mac to the latest macOS 12.2 Update, you can head to System Preferences > Software update. From there, you can flash the latest update on your device.
Regarding the changelog, while the latest macOS 12.2 update does not come with many changes, it does include a security fix for Safari alongside a bunch of other improvements and bug fixes. The Safari exploit was first patched by Apple in iOS 15.3 and macOS 12.2 RC, along with the official release of the macOS 12.2 update. Furthermore, the new macOS 12.2 update improves scrolling in Safari with ProMotion for new MacBook Pro users. Additionally, this update adds a new, native Apple Music app.
Subscribe to Onsitego
Get the latest technology news, reviews, and opinions on tech products right into your inboxIn total, the latest macOS 12.2 update comes with as many as 13 security fixes:
AMD Kernel
Available for: macOS Monterey
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2022-22586: an anonymous researcher
ColorSync
Available for: macOS Monterey
Impact: Processing a maliciously crafted file may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved validation.
CVE-2022-22584: Mickey Jin (@patch1t) of Trend Micro
Crash Reporter
Available for: macOS Monterey
Impact: A malicious application may be able to gain root privileges
Description: A logic issue was addressed with improved validation.
CVE-2022-22578: an anonymous researcher
iCloud
Available for: macOS Monterey
Impact: An application may be able to access a user’s files
Description: An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization.
CVE-2022-22585: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab (https://xlab.tencent.com)
Intel Graphics Driver
Available for: macOS Monterey
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2022-22591: Antonio Zekic (@antoniozekic) of Diverto
IOMobileFrameBuffer
Available for: macOS Monterey
Impact: A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
Description: A memory corruption issue was addressed with improved input validation.
CVE-2022-22587: an anonymous researcher, Meysam Firouzi (@R00tkitSMM) of MBition – Mercedes-Benz Innovation Lab, Siddharth Aeri (@b1n4r1b01)
Kernel
Available for: macOS Monterey
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: A buffer overflow issue was addressed with improved memory handling.
CVE-2022-22593: Peter Nguyễn Vũ Hoàng of STAR Labs
Model I/O
Available for: macOS Monterey
Impact: Processing a maliciously crafted STL file may lead to unexpected application termination or arbitrary code execution
Description: An information disclosure issue was addressed with improved state management.
CVE-2022-22579: Mickey Jin (@patch1t) of Trend Micro
PackageKit
Available for: macOS Monterey
Impact: An application may be able to access restricted files
Description: A permissions issue was addressed with improved validation.
CVE-2022-22583: an anonymous researcher, Mickey Jin (@patch1t), Ron Hass (@ronhass7) of Perception Point
WebKit
Available for: macOS Monterey
Impact: Processing a maliciously crafted mail message may lead to running arbitrary javascript
Description: A validation issue was addressed with improved input sanitization.
CVE-2022-22589: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu of Palo Alto Networks (paloaltonetworks.com)
WebKit
Available for: macOS Monterey
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A use after free issue was addressed with improved memory management.
CVE-2022-22590: Toan Pham from Team Orca of Sea Security (security.sea.com)
WebKit
Available for: macOS Monterey
Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced
Description: A logic issue was addressed with improved state management.
CVE-2022-22592: Prakash (@1lastBr3ath)
WebKit Storage
Available for: macOS Monterey
Impact: A website may be able to track sensitive user information
Description: A cross-origin issue in the IndexDB API was addressed with improved input validation.
CVE-2022-22594: Martin Bajanik of FingerprintJS
The latest macOS update is currently being rolled out OTA to all eligible Mac devices and if you are using one of them, chances are that you must have received the update already. It is a pretty significant update when it comes to security fixes, and whenever you are planning on hitting the update button, make sure to keep a backup of your sensitive data. After all, it’s better safe than sorry.
Discussion about this post