Apple this week rolled out an important upgrade for macOS users, bringing not just a slew of extra features and improvements, but some much-needed security patches as well. Supporting non-upgrading users, the same fixes are available in a separate security update for the previous-generation macOS iteration.
The Cupertino behemoth doesn’t make a big fuss about the security content of macOS 12.0.1 – aka ‘Monterey’ – choosing to focus on the new features it brings to the table, like Shortcuts, TestFlight, Universal Control, a redesigned Safari browser, AirPlay support, Live Text, and more.
However, the upgrade also packs a fair amount of security fixes – 39 in total. Most of them are also addressed in macOS 11.6.1, a security-only update for the OS version that Monterey supersedes. This is so that users who are holding off the upgrade can still apply the necessary patches.
If exploited properly, most vulnerabilities would enable an attacker to execute their own code with kernel privileges – essentially to take over the target machine.
Two flaws are addressed in the Model I/O department, where processing a maliciously crafted file may disclose user information or memory contents, the advisories say, adding two more reasons to patch.
Not all of the fixes are critical in nature, but there are some standouts.
For instance, a vulnerability in the Software Update department may allow a malicious application to gain access to a user's Keychain items, where passwords are stored locally.
To review the full list of fixes, visit the two advisories below:
About the security content of macOS Monterey 12.0.1
About the security content of macOS Big Sur 11.6.1
Upgrading to Monterey is recommended, both for security and usability reasons. But it’s not the only option if you’re simply out to address the security part and stick with Big Sur for a while longer. However, if upgrading seems like a hassle right now, it’s crucial that you at least update to macOS Big Sur 11.6.1 and patch these flaws ASAP.
Stay safe!
tags
Filip has 15 years of experience in technology journalism. In recent years, he has turned his focus to cybersecurity in his role as Information Security Analyst at Bitdefender.
View all postsNovember 14, 2024
September 06, 2024