Apple on Monday released macOS Monterey 12.4, which takes Universal Control out of beta and brings the expected refinements to the Studio Display's webcam. Even if you don't care about those tweaks, you shouldn't drag your feet on updating. Apple has patched 54 security flaws and vulnerabilities in macOS 12.4, a huge number coming on the heels of an emergency patch (12.3.1) on March 31st.
According to the descriptions provided by Apple, a number of the bugs are high risk and could allow an attacker to run arbitrary code and take over your machine. Apple has not revealed whether any of the bugs have been exploited, but you should update your machine as soon as possible. Based on the vulnerability documentation, here are the most dangerous for regular users:
DriverKit
- Impact: A malicious application may be able to execute arbitrary code with system privileges.
- Description: An out-of-bounds access issue was addressed with improved bounds checking.
Intel Graphics Driver
- Impact: A malicious application may be able to execute arbitrary code with kernel privileges.
- Description: A memory corruption issue was addressed with improved input validation.
IOKit
- Impact: An application may be able to execute arbitrary code with kernel privileges.
- Description: A race condition was addressed with improved locking.
IOMobileFrameBuffer
- Impact: An application may be able to execute arbitrary code with kernel privileges.
- Description: A memory corruption issue was addressed with improved state management.
Kernel
- Impact: An application may be able to execute arbitrary code with kernel privileges.
- Description: A memory corruption issue was addressed with improved validation.
LaunchServices
- Impact: A sandboxed process may be able to circumvent sandbox restrictions.
- Description: An access issue was addressed with additional sandbox restrictions on third-party applications.
libxml2
- Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution.
- Description: A use-after-free issue was addressed with improved memory management.
Safari Private Browsing
- Impact: A malicious website may be able to track users in Safari private browsing mode.
- Description: A logic issue was addressed with improved state management.
SoftwareUpdate
- Impact: A malicious application may be able to access restricted files.
- Description: This issue was addressed with improved entitlements.
Wi-Fi
- Impact: An application may be able to execute arbitrary code with kernel privileges.
- Description: A memory corruption issue was addressed with improved memory management.