MacOS Monterey 12.2 update is live – should you update?

Grab this security update sooner rather than later

MacOS Monterey 12.2 2

You can trust PC GuideOur team of experts use a combination of independent consumer research, in-depth testing where appropriate – which will be flagged as such, and market analysis when recommending products, software and services. Find out how we test here.

Last Updated on

MacOS Monterey 12.2 is one of the many updates Apple pushed to Macs, iPhones, iPads, and Apple Watches yesterday as part of a blanket fix for some big security issues and bugs. MacOS Monterey originally launched back in October 2021, with MacOS Monterey 12.1 launching in December 2021 heralding in the long-sought-after SharePlay support.

Credit: Pexels

Users can update to macOS Monterey 12.2 right now by going to System Preferences > Updates, but why is this update so important? Furthermore, why has it dropped less than a month after the macOS latest feature update?

MacOS Monterey 12.2 – Should I update?

According to the Apple support page for macOS Monterey 12.2 there’s a slew of bug fixes this time around, so don’t expect any fancy new features until macOS Monterey 12.3 at the earliest. The biggest fix is a security issue that’s plagued iOS, PadOS, and macOS users over the last month or so.

Safari has a bug that allows malicious intent by leaking tab and Google Account information. This bug can also affect other browsers such as Google Chrome, making this update essential. Users should update all affected Apple products at their earliest opportunity. Just make sure they have over 50% battery charge and are plugged into a mains charger to avoid any update issues.

Credit: Pexels

macOS Monterey 12.2 Bug Fixes

As we can see below, the various WebKit fixes involve the processing of malicious code, whilst unexpected fixes from areas such as ColorSync had an issue processing maliciously crafted files. Hackers really do try their best to break things, here’s the full rundown of fixes according to Apple themselves:

AMD Kernel

Available for: macOS Monterey

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2022-22586: an anonymous researcher

ColorSync

Available for: macOS Monterey

Impact: Processing a maliciously crafted file may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved validation.

CVE-2022-22584: Mickey Jin (@patch1t) of Trend Micro

Crash Reporter

Available for: macOS Monterey

Impact: A malicious application may be able to gain root privileges

Description: A logic issue was addressed with improved validation.

CVE-2022-22578: an anonymous researcher

iCloud

Available for: macOS Monterey

Impact: An application may be able to access a user’s files

Description: An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization.

CVE-2022-22585: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab (https://xlab.tencent.com)

Intel Graphics Driver

Available for: macOS Monterey

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2022-22591: Antonio Zekic (@antoniozekic) of Diverto

IOMobileFrameBuffer

Available for: macOS Monterey

Impact: A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

Description: A memory corruption issue was addressed with improved input validation.

CVE-2022-22587: an anonymous researcher, Meysam Firouzi (@R00tkitSMM) of MBition – Mercedes-Benz Innovation Lab, Siddharth Aeri (@b1n4r1b01)

Kernel

Available for: macOS Monterey

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2022-22593: Peter Nguyễn Vũ Hoàng of STAR Labs

Model I/O

Available for: macOS Monterey

Impact: Processing a maliciously crafted STL file may lead to unexpected application termination or arbitrary code execution

Description: An information disclosure issue was addressed with improved state management.

CVE-2022-22579: Mickey Jin (@patch1t) of Trend Micro

PackageKit

Available for: macOS Monterey

Impact: An application may be able to access restricted files

Description: A permissions issue was addressed with improved validation.

CVE-2022-22583: an anonymous researcher, Mickey Jin (@patch1t), Ron Hass (@ronhass7) of Perception Point

WebKit

Available for: macOS Monterey

Impact: Processing a maliciously crafted mail message may lead to running arbitrary javascript

Description: A validation issue was addressed with improved input sanitization.

CVE-2022-22589: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu of Palo Alto Networks (paloaltonetworks.com)

WebKit

Available for: macOS Monterey

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A use after free issue was addressed with improved memory management.

CVE-2022-22590: Toan Pham from Team Orca of Sea Security (security.sea.com)

WebKit

Available for: macOS Monterey

Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced

Description: A logic issue was addressed with improved state management.

CVE-2022-22592: Prakash (@1lastBr3ath)

WebKit Storage

Available for: macOS Monterey

Impact: A website may be able to track sensitive user information

Description: A cross-origin issue in the IndexDB API was addressed with improved input validation.

CVE-2022-22594: Martin Bajanik of FingerprintJS

For helpful how-to and guide content for iOS and Apple products, please visit and bookmark our iOS Hub.

Christian 'Reggie' Waits' is a contributor to PC Guide, having written a wide array of how to and buying guide content.

​