Navigation
Search
|
macOS Monterey 12.4 fixes 54 security flaws–these are the highest risk
Tuesday May 17, 2022. 05:19 PM , from Macworld Reviews
Apple on Monday released macOS Monterey 12.4, which takes Universal Control out of beta and brings anticipated refinements to the Studio Display’s webcam. However, even if you don’t care about those tweaks, you still shouldn’t drag your feet on updating. Apple has patched 54 security flaws and vulnerabilities in macOS 12.4, a whopping number that comes on the heels of an emergency patch (12.3.1) on March 31.
According to the descriptions Apple has supplied, several of the flaws are high risk and could allow an attacker to execute arbitrary code and take over your machine. Apple hasn’t divulged whether any of the flaws are known to have been exploited, but you should still update your machine as soon as possible. Based on documentation of the vulnerabilities, here are the most dangerous for regular users: DriverKit Impact: A malicious application may be able to execute arbitrary code with system privileges.Description: An out-of-bounds access issue was addressed with improved bounds checking.Intel Graphics Driver Impact: A malicious application may be able to execute arbitrary code with kernel privileges.Description: A memory corruption issue was addressed with improved input validation.IOKit Impact: An application may be able to execute arbitrary code with kernel privileges.Description: A race condition was addressed with improved locking.IOMobileFrameBuffer Impact: An application may be able to execute arbitrary code with kernel privileges.Description: A memory corruption issue was addressed with improved state management.Kernel Impact: An application may be able to execute arbitrary code with kernel privileges.Description: A memory corruption issue was addressed with improved validation.LaunchServices Impact: A sandboxed process may be able to circumvent sandbox restrictions.Description: An access issue was addressed with additional sandbox restrictions on third-party applications.libxml2 Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution.Description: A use after free issue was addressed with improved memory management.Safari Private Browsing Impact: A malicious website may be able to track users in Safari private browsing mode.Description: A logic issue was addressed with improved state management.SoftwareUpdate Impact: A malicious application may be able to access restricted files.Description: This issue was addressed with improved entitlements.Wi-Fi Impact: An application may be able to execute arbitrary code with kernel privileges.Description: A memory corruption issue was addressed with improved memory handling. MacOS
https://www.macworld.com/article/702246/macos-monterey-12-4-security-update-high-risk.html
|
46 sources
Current Date
Apr, Fri 26 - 16:20 CEST
|