Date: 2022-03-19

Apple started the week with a bang by releasing macOS Monterey 12.3 with several new features, including Universal Control, enhanced Spatial Audio support, and an LGBTQ Siri voice, but older Macs got an update that's just as important. While short on new features, macOS Big Sur 11.6.5 and Security Update 2022-003 Catalina each contain more than a dozen security patches, among other fixes. Among the updates are several that could lead to arbitrary code execution, including:



Accelerate Framework

Available for: macOS Big Sur

Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution

Description: A memory corruption issue was addressed with improved state management.

CVE-2022-22633: an anonymous researcher

AppleScript

Available for: macOS Big Sur, macOS Catalina

Impact: Processing a maliciously crafted file may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved validation.

CVE-2022-22597: Qi Sun and Robert Ai of Trend Micro

Intel Graphics Driver

Available for: macOS Big Sur, macOS Catalina

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A type confusion issue was addressed with improved state handling.

CVE-2022-22661: an anonymous researcher, Peterpan0927 of Alibaba Security Pandora Lab

Kernel

Available for: macOS Big Sur, macOS Catalina

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2022-22613: Alex, an anonymous researcher

Available for: macOS Big Sur, macOS Catalina

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2022-22615: an anonymous researcher

CVE-2022-22614: an anonymous researcher

There are also QuickTime Player, Siri, and WebKit fixes. We recommend running the update as soon as possible.

To download the latest update to your Mac, open the System Preferences app, then click Software Update, and Update Now.
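
For anyone checking more than one Mac, the sketch below classifies a product version (as printed by `sw_vers -productVersion`) against the Big Sur and Catalina updates named above. It is an added example, not code from the article or from Apple; the host names and inventory are constructed, and it assumes a Catalina security update leaves the 10.15.x version number unchanged, so those hosts are flagged for a manual check rather than marked patched.

```shell
#!/bin/sh
# Added example (not from the article or Apple).
# On a Mac: patch_status "$(sw_vers -productVersion)"

# ver_ge A B: succeed when dotted version A >= B, comparing three numeric fields.
ver_ge() {
    a="$1.0.0" b="$2.0.0"   # pad so "11.6" compares as 11.6.0
    for i in 1 2 3; do
        x=$(printf '%s' "$a" | cut -d. -f"$i"); x=${x:-0}
        y=$(printf '%s' "$b" | cut -d. -f"$i"); y=${y:-0}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0
}

# patch_status VERSION: print one status word for a macOS product version.
patch_status() {
    v=$1
    case $v in
        ''|*[!0-9.]*) echo "invalid"; return 0 ;;   # reject non-numeric input
    esac
    case $v in
        11|11.*)        # Big Sur: fixed in 11.6.5 per the article
            if ver_ge "$v" 11.6.5; then echo "patched"; else echo "update-required"; fi ;;
        10.15|10.15.*)  # Catalina: assumption - version alone cannot confirm the update
            echo "verify-security-update-2022-003" ;;
        *)  echo "not-covered" ;;   # releases this check does not assess
    esac
}

# audit_inventory: read "hostname version" lines on stdin, print hosts needing action.
audit_inventory() {
    while read -r host ver; do
        [ -n "$host" ] || continue
        st=$(patch_status "$ver")
        [ "$st" = "patched" ] || printf '%s %s %s\n' "$host" "$ver" "$st"
    done
}

# Constructed sample inventory (hypothetical host names).
SAMPLE_INVENTORY='mac-a 11.6.4
mac-b 11.6.5
mac-c 10.15.7
mac-d 11.7'

printf '%s\n' "$SAMPLE_INVENTORY" | audit_inventory
```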