Apple’s latest updates for Mac include fixes for various security vulnerabilities. macOS 12.2 patches 13 critical security vulnerabilities, ranging from Safari web browsing leaks to vulnerabilities that could allow malicious applications to access root permissions, kernel permissions, iCloud data, and more.
We already know that the web browsing and Google Account ID vulnerabilities have been patched in advance of the arrival of RC versions of iOS 15.3 and macOS 12.2. However, Apple has now detailed a full list of security patches and documentation available for macOS 12.2.
Apple has also fixed many security issues with macOS 11.6.3 and macOS Catalina updates.
iOS 15.3 comes with 10 security fixes, and watchOS 8.4 with 8. macOS 12.2 includes up to 13 security fixes.
In addition to the Safari web browsing vulnerability, other security issues have been patched, including flaws that could let apps gain root privileges, execute arbitrary code with kernel privileges, access user files through iCloud, and more.
AMD Kernel
Applies to: macOS Monterey
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: An out-of-bounds write issue has been addressed with improved bounds checking.
CVE-2022-22586: Anonymous Researcher
Color Sync
Applies to: macOS Monterey
Impact: Processing a maliciously crafted file may lead to arbitrary code execution
Description: A memory corruption issue has been addressed with improved validation.
CVE-2022-22584: Mickey Jin from Trend Micro (@patch1t)
Crash Reporter
Applies to: macOS Monterey
Impact: A malicious application may be able to gain root privileges
Description: A logic issue has been addressed through improved validation.
CVE-2022-22578: Anonymous Researcher
iCloud
Applies to: macOS Monterey
Impact: An application may be able to access a user's files
Description: An issue exists in the path validation logic for symbolic links. This issue has been addressed with improved path cleaning.
CVE-2022-22585: Huo Zhipeng (@R3dF09) of Tencent Security Xuanwu Lab (https://xlab.tencent.com)
Intel Graphics Driver
Applies to: macOS Monterey
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue has been addressed through improved memory handling.
CVE-2022-22591: Antonio Zekic (@antoniozekic) of Diverto
IOMobileFrameBuffer
Applies to: macOS Monterey
Impact: A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of reports that this issue may be actively exploited.
Description: A memory corruption issue has been addressed with improved input validation.
CVE-2022-22587: Anonymous Researcher, Meysam Firouzi (@R00tkitSMM) of MBition – Mercedes-Benz Innovation Labs, Siddharth Aeri (@b1n4r1b01)
Core
Applies to: macOS Monterey
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: A buffer overflow issue has been addressed with improved memory handling.
CVE-2022-22593: Peter Nguyễn Vũ Hoàng of STAR Labs
Model input/output
Applies to: macOS Monterey
Impact: Processing a maliciously crafted STL file may lead to unexpected application termination or arbitrary code execution
Description: An information disclosure issue has been addressed through improved state management.
CVE-2022-22579: Mickey Jin from Trend Micro (@patch1t)
Pack Suite
Applies to: macOS Monterey
Impact: An application may be able to access restricted files
Description: A permissions issue has been addressed with improved validation.
CVE-2022-22583: Anonymous researchers, Mickey Jin (@patch1t), Ron Hass (@ronhass7) of Perception Point
Network Suite
Applies to: macOS Monterey
Impact: Processing a maliciously crafted message may result in arbitrary JavaScript being run
Description: A validation issue has been addressed with improved input sanitization.
CVE-2022-22589: Heige of the KnownSec 404 Team (knownsec.com) and Bo Qu of Palo Alto Networks (paloaltonetworks.com)
Network Suite
Applies to: macOS Monterey
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A use-after-free issue has been addressed with improved memory management.
CVE-2022-22590: Toan Pham from Ocean Security Team Orca (security.sea.com)
Cyber Suite
Applies to: macOS Monterey
Impact: Processing maliciously crafted web content may prevent enforcement of Content Security Policy
Description: A logic issue has been resolved with improved state management.
CVE-2022-22592: Prakash (@1lastBr3ath)
WebKit Storage
Applies to: macOS Monterey
Impact: Websites may be able to track sensitive user information
Description: A cross-domain issue in the IndexedDB API has been addressed through improved input validation.
CVE-2022-22594: Martin Bajanik of FingerprintJS
Core
We would like to thank Tao Huang for his assistance.
Metal
We would like to thank Tao Huang for his assistance.
Pack Kit
Thanks to Mickey Jin (@patch1t) and Mickey Jin (@patch1t) from Trend Micro for their assistance.