MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
macos
Search

macOS Monterey 12.5 is now available and full of security updates

Wednesday May 18, 2022. 08:07 PM , from Mac 911
Apple on Wednesday released macOS 12.5, an update to the Mac operating system. The update includes enhancements to the TV app and Safari, as well as bug fixes and security patches.

Here are the release notes:

macOS Monterey 12.5 includes enhancements, bug fixes and security updates.• TV app adds the option to restart a live sports game already in-progress and pause, rewind, or fast-forward• Fixes an issue in Safari where a tab may revert back to a previous pageSome features may not be available for all regions, or on all Apple devices.

This update is chock full of security updates, according to the macOS 12.5 security support document. Here’s a list of the security updates:

APFSAvailable for: macOS MontereyImpact: An app with root privileges may be able to execute arbitrary code with kernel privilegesDescription: The issue was addressed with improved memory handling.CVE-2022-32832: Tommy Muir (@Muirey03)AppleMobileFileIntegrityAvailable for: macOS MontereyImpact: An app may be able to gain root privilegesDescription: An authorization issue was addressed with improved state management.CVE-2022-32826: Mickey Jin (@patch1t) of Trend MicroApple Neural EngineAvailable for: macOS MontereyImpact: An app may be able to execute arbitrary code with kernel privilegesDescription: The issue was addressed with improved memory handling.CVE-2022-32810: Mohamed Ghannam (@_simo36)Apple Neural EngineAvailable for: macOS MontereyImpact: An app may be able to execute arbitrary code with kernel privilegesDescription: This issue was addressed with improved checks.CVE-2022-32840: Mohamed Ghannam (@_simo36)Apple Neural EngineAvailable for: macOS MontereyImpact: An app may be able to break out of its sandboxDescription: This issue was addressed with improved checks.CVE-2022-32845: Mohamed Ghannam (@_simo36)AppleScriptAvailable for: macOS MontereyImpact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memoryDescription: This issue was addressed with improved checks.CVE-2022-32797: Mickey Jin (@patch1t), Ye Zhang (@co0py_Cat) of Baidu Security, Mickey Jin (@patch1t) of Trend MicroAppleScriptAvailable for: macOS MontereyImpact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memoryDescription: An out-of-bounds read issue was addressed with improved input validation.CVE-2022-32851: Ye Zhang (@co0py_Cat) of Baidu SecurityCVE-2022-32852: Ye Zhang (@co0py_Cat) of Baidu SecurityCVE-2022-32853: Ye Zhang (@co0py_Cat) of Baidu SecurityAppleScriptAvailable for: macOS MontereyImpact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memoryDescription: An out-of-bounds read issue was addressed with improved bounds checking.CVE-2022-32831: Ye Zhang (@co0py_Cat) of Baidu SecurityAudioAvailable for: macOS MontereyImpact: An app may be able to execute arbitrary code with kernel privilegesDescription: An out-of-bounds write issue was addressed with improved input validation.CVE-2022-32820: an anonymous researcherAudioAvailable for: macOS MontereyImpact: An app may be able to disclose kernel memoryDescription: The issue was addressed with improved memory handling.CVE-2022-32825: John Aakerblom (@jaakerblom)AutomationAvailable for: macOS MontereyImpact: An app may be able to bypass Privacy preferencesDescription: A logic issue was addressed with improved checks.CVE-2022-32789: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu LabCalendarAvailable for: macOS MontereyImpact: An app may be able to access sensitive user informationDescription: The issue was addressed with improved handling of caches.CVE-2022-32805: Csaba Fitzl (@theevilbit) of Offensive SecurityCoreMediaAvailable for: macOS MontereyImpact: An app may be able to disclose kernel memoryDescription: The issue was addressed with improved memory handling.CVE-2022-32828: Antonio Zekic (@antoniozekic) and John Aakerblom (@jaakerblom)CoreTextAvailable for: macOS MontereyImpact: A remote user may cause an unexpected app termination or arbitrary code executionDescription: The issue was addressed with improved bounds checks.CVE-2022-32839: STAR Labs (@starlabs_sg)File System EventsAvailable for: macOS MontereyImpact: An app may be able to gain root privilegesDescription: A logic issue was addressed with improved state management.CVE-2022-32819: Joshua Mason of MandiantGPU DriversAvailable for: macOS MontereyImpact: An app may be able to disclose kernel memoryDescription: Multiple out-of-bounds write issues were addressed with improved bounds checking.CVE-2022-32793: an anonymous researcherGPU DriversAvailable for: macOS MontereyImpact: An app may be able to execute arbitrary code with kernel privilegesDescription: A memory corruption issue was addressed with improved validation.CVE-2022-32821: John Aakerblom (@jaakerblom)iCloud Photo LibraryAvailable for: macOS MontereyImpact: An app may be able to access sensitive user informationDescription: An information disclosure issue was addressed by removing the vulnerable code.CVE-2022-32849: Joshua JonesICUAvailable for: macOS MontereyImpact: Processing maliciously crafted web content may lead to arbitrary code executionDescription: An out-of-bounds write issue was addressed with improved bounds checking.CVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ.ImageIOAvailable for: macOS MontereyImpact: Processing a maliciously crafted image may result in disclosure of process memoryDescription: The issue was addressed with improved memory handling.CVE-2022-32841: hjy79425575 ImageIO Available for: macOS Monterey Impact: Processing an image may lead to a denial-of-service Description: A null pointer dereference was addressed with improved validation. CVE-2022-32785: Yiğit Can YILMAZ (@yilmazcanyigit)Intel Graphics DriverAvailable for: macOS MontereyImpact: An app may be able to execute arbitrary code with kernel privilegesDescription: A memory corruption vulnerability was addressed with improved locking.CVE-2022-32811: ABC Research s.r.oIntel Graphics DriverAvailable for: macOS MontereyImpact: An app may be able to execute arbitrary code with kernel privilegesDescription: The issue was addressed with improved memory handling.CVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o.KernelAvailable for: macOS MontereyImpact: An app with root privileges may be able to execute arbitrary code with kernel privilegesDescription: The issue was addressed with improved memory handling.CVE-2022-32813: Xinru Chi of Pangu LabCVE-2022-32815: Xinru Chi of Pangu LabKernelAvailable for: macOS MontereyImpact: An app may be able to disclose kernel memoryDescription: An out-of-bounds read issue was addressed with improved bounds checking.CVE-2022-32817: Xinru Chi of Pangu LabKernelAvailable for: macOS MontereyImpact: An app may be able to execute arbitrary code with kernel privilegesDescription: This issue was addressed with improved checks.CVE-2022-32829: an anonymous researcherLiblouisAvailable for: macOS MontereyImpact: An app may cause unexpected app termination or arbitrary code executionDescription: This issue was addressed with improved checks.CVE-2022-26981: Hexhive (hexhive.epfl.ch), NCNIPC of China (nipc.org.cn)libxml2Available for: macOS MontereyImpact: An app may be able to leak sensitive user informationDescription: A memory initialization issue was addressed with improved memory handling.CVE-2022-32823Multi-TouchAvailable for: macOS MontereyImpact: An app may be able to execute arbitrary code with kernel privilegesDescription: A type confusion issue was addressed with improved checks.CVE-2022-32814: Pan ZhenPeng (@Peterpan0927)Multi-TouchAvailable for: macOS MontereyImpact: An app may be able to execute arbitrary code with kernel privilegesDescription: A type confusion issue was addressed with improved state handling.CVE-2022-32814: Pan ZhenPeng (@Peterpan0927)PackageKitAvailable for: macOS MontereyImpact: An app may be able to modify protected parts of the file systemDescription: An issue in the handling of environment variables was addressed with improved validation.CVE-2022-32786: Mickey Jin (@patch1t)PackageKitAvailable for: macOS MontereyImpact: An app may be able to modify protected parts of the file systemDescription: This issue was addressed with improved checks.CVE-2022-32800: Mickey Jin (@patch1t)PluginKitAvailable for: macOS MontereyImpact: An app may be able to read arbitrary filesDescription: A logic issue was addressed with improved state management.CVE-2022-32838: Mickey Jin (@patch1t) of Trend MicroPS NormalizerAvailable for: macOS MontereyImpact: Processing a maliciously crafted Postscript file may result in unexpected app termination or disclosure of process memoryDescription: An out-of-bounds write issue was addressed with improved bounds checking.CVE-2022-32843: Kai Lu of Zscaler’s ThreatLabzSMBAvailable for: macOS MontereyImpact: An app may be able to execute arbitrary code with kernel privilegesDescription: A memory corruption issue was addressed with improved state management.CVE-2022-32796: Sreejith Krishnan R (@skr0x1c0)SMBAvailable for: macOS MontereyImpact: An app may be able to gain elevated privilegesDescription: An out-of-bounds read issue was addressed with improved input validation.CVE-2022-32842: Sreejith Krishnan R (@skr0x1c0)SMBAvailable for: macOS MontereyImpact: An app may be able to gain elevated privilegesDescription: An out-of-bounds write issue was addressed with improved input validation.CVE-2022-32798: Sreejith Krishnan R (@skr0x1c0)SMBAvailable for: macOS MontereyImpact: A user in a privileged network position may be able to leak sensitive informationDescription: An out-of-bounds read issue was addressed with improved bounds checking.CVE-2022-32799: Sreejith Krishnan R (@skr0x1c0)SMBAvailable for: macOS MontereyImpact: An app may be able to leak sensitive kernel stateDescription: The issue was addressed with improved memory handling.CVE-2022-32818: Sreejith Krishnan R (@skr0x1c0)Software UpdateAvailable for: macOS MontereyImpact: A user in a privileged network position can track a user’s activityDescription: This issue was addressed by using HTTPS when sending information over the network.CVE-2022-32857: Jeffrey Paul (sneak.berlin)SpindumpAvailable for: macOS MontereyImpact: An app may be able to overwrite arbitrary filesDescription: This issue was addressed with improved file handling.CVE-2022-32807: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu LabSpotlightAvailable for: macOS MontereyImpact: An app may be able to gain root privilegesDescription: This issue was addressed with improved checks.CVE-2022-32801: Joshua Mason (@josh@jhu.edu)subversionAvailable for: macOS MontereyImpact: Multiple issues in subversionDescription: Multiple issues were addressed by updating subversion.CVE-2021-28544: Evgeny Kotkov, visualsvn.comCVE-2022-24070: Evgeny Kotkov, visualsvn.comCVE-2022-29046: Evgeny Kotkov, visualsvn.comCVE-2022-29048: Evgeny Kotkov, visualsvn.comTCCAvailable for: macOS MontereyImpact: An app may be able to access sensitive user informationDescription: An access issue was addressed with improvements to the sandbox.CVE-2022-32834: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)WebKitAvailable for: macOS MontereyImpact: Visiting a website that frames malicious content may lead to UI spoofingDescription: The issue was addressed with improved UI handling.WebKit Bugzilla: 239316CVE-2022-32816: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ.WebKitAvailable for: macOS MontereyImpact: Processing maliciously crafted web content may lead to arbitrary code executionDescription: An out-of-bounds write issue was addressed with improved input validation.WebKit Bugzilla: 240720CVE-2022-32792: Manfred Paul (@_manfp) working with Trend Micro Zero Day InitiativeWebRTCAvailable for: macOS MontereyImpact: Processing maliciously crafted web content may lead to arbitrary code execution.Description: A memory corruption issue was addressed with improved state management.WebKit Bugzilla: 242339CVE-2022-2294: Jan Vojtesek of Avast Threat Intelligence teamWi-FiAvailable for: macOS MontereyImpact: An app may be able to cause unexpected system termination or write kernel memoryDescription: This issue was addressed with improved checks.CVE-2022-32837: Wang Yu of CyberservalWi-FiAvailable for: macOS MontereyImpact: A remote user may be able to cause unexpected system termination or corrupt kernel memoryDescription: This issue was addressed with improved checks.CVE-2022-32847: Wang Yu of CyberservalWindows ServerAvailable for: macOS MontereyImpact: An app may be able to capture a user’s screenDescription: A logic issue was addressed with improved checks.CVE-2022-32848: Jeremy Legendre of MacEnhance

How to update to macOS 12.5

Open System Preferences.Click on Software Update.Your Mac will spend a minute or so checking for updates, if an update is available for your Mac you’ll have the option to click on Upgrade Now and then download the installer for the update to macOS.While the installer is being downloaded you will be able to continue to use your Mac. Once the installer has downloaded you can click to install the new update.You can also set your Mac to automatically update. For details of how to do that, and more information about updating macOS, read: How to update macOS.

Read about the latest version of macOS Monterey for news about the problems with, and fixes coming to, the current version of macOS.
Mac, MacOS
https://www.macworld.com/article/702808/macos-monterey-12-5-beta-features-install.html
News copyright owned by their original publishers | Copyright © 2004 - 2024 Zicos / 440Network
Current Date
Mar, Thu 28 - 13:41 CET