Last Updated on
MacOS Monterey 12.2 is one of the many updates Apple pushed to Macs, iPhones, iPads, and Apple Watches yesterday as part of a blanket fix for some big security issues and bugs. MacOS Monterey originally launched back in October 2021, with MacOS Monterey 12.1 launching in December 2021 heralding in the long-sought-after SharePlay support.
Users can update to macOS Monterey 12.2 right now by going to System Preferences > Updates, but why is this update so important? Furthermore, why has it dropped less than a month after the macOS latest feature update?
MacOS Monterey 12.2 – Should I update?
According to the Apple support page for macOS Monterey 12.2 there’s a slew of bug fixes this time around, so don’t expect any fancy new features until macOS Monterey 12.3 at the earliest. The biggest fix is a security issue that’s plagued iOS, PadOS, and macOS users over the last month or so.
Safari has a bug that allows malicious intent by leaking tab and Google Account information. This bug can also affect other browsers such as Google Chrome, making this update essential. Users should update all affected Apple products at their earliest opportunity. Just make sure they have over 50% battery charge and are plugged into a mains charger to avoid any update issues.
macOS Monterey 12.2 Bug Fixes
As we can see below, the various WebKit fixes involve the processing of malicious code, whilst unexpected fixes from areas such as ColorSync had an issue processing maliciously crafted files. Hackers really do try their best to break things, here’s the full rundown of fixes according to Apple themselves:
AMD Kernel
Available for: macOS Monterey
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2022-22586: an anonymous researcher
ColorSync
Available for: macOS Monterey
Impact: Processing a maliciously crafted file may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved validation.
CVE-2022-22584: Mickey Jin (@patch1t) of Trend Micro
Crash Reporter
Available for: macOS Monterey
Impact: A malicious application may be able to gain root privileges
Description: A logic issue was addressed with improved validation.
CVE-2022-22578: an anonymous researcher
iCloud
Available for: macOS Monterey
Impact: An application may be able to access a user’s files
Description: An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization.
CVE-2022-22585: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab (https://xlab.tencent.com)
Intel Graphics Driver
Available for: macOS Monterey
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2022-22591: Antonio Zekic (@antoniozekic) of Diverto
IOMobileFrameBuffer
Available for: macOS Monterey
Impact: A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
Description: A memory corruption issue was addressed with improved input validation.
CVE-2022-22587: an anonymous researcher, Meysam Firouzi (@R00tkitSMM) of MBition – Mercedes-Benz Innovation Lab, Siddharth Aeri (@b1n4r1b01)
Kernel
Available for: macOS Monterey
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: A buffer overflow issue was addressed with improved memory handling.
CVE-2022-22593: Peter Nguyễn Vũ Hoàng of STAR Labs
Model I/O
Available for: macOS Monterey
Impact: Processing a maliciously crafted STL file may lead to unexpected application termination or arbitrary code execution
Description: An information disclosure issue was addressed with improved state management.
CVE-2022-22579: Mickey Jin (@patch1t) of Trend Micro
PackageKit
Available for: macOS Monterey
Impact: An application may be able to access restricted files
Description: A permissions issue was addressed with improved validation.
CVE-2022-22583: an anonymous researcher, Mickey Jin (@patch1t), Ron Hass (@ronhass7) of Perception Point
WebKit
Available for: macOS Monterey
Impact: Processing a maliciously crafted mail message may lead to running arbitrary javascript
Description: A validation issue was addressed with improved input sanitization.
CVE-2022-22589: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu of Palo Alto Networks (paloaltonetworks.com)
WebKit
Available for: macOS Monterey
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A use after free issue was addressed with improved memory management.
CVE-2022-22590: Toan Pham from Team Orca of Sea Security (security.sea.com)
WebKit
Available for: macOS Monterey
Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced
Description: A logic issue was addressed with improved state management.
CVE-2022-22592: Prakash (@1lastBr3ath)
WebKit Storage
Available for: macOS Monterey
Impact: A website may be able to track sensitive user information
Description: A cross-origin issue in the IndexDB API was addressed with improved input validation.
CVE-2022-22594: Martin Bajanik of FingerprintJS
For helpful how-to and guide content for iOS and Apple products, please visit and bookmark our iOS Hub.
