[HN Gopher] About the security content of macOS Monterey 12.2 ___________________________________________________________________ About the security content of macOS Monterey 12.2 Author : ingve Score : 86 points Date : 2022-01-26 21:15 UTC (1 hours ago) (HTM) web link (support.apple.com) (TXT) w3m dump (support.apple.com) | varenc wrote: | There's also security updates the two older versions of macOS | | - Big Sur: https://support.apple.com/en-us/HT213055 | | - Catalina: https://support.apple.com/en-us/HT213056 | | Though the Monterey update fixes 13 CVEs and the Big Sur and | Catalina updates only address 7 and 5 CVEs respectively. | | It seems unlikely that Big Sur just isn't vulnerable to 6 of 13 | the Monterey CVEs and instead this is just Apple prioritizing | fixes for the latest macOS version. Officially Apple of course | only provides security updates for the latest version. | gregoriol wrote: | Big Sur is the latest supported version on some Retina MacBook | Pros, so it's not such a bad idea for Apple to still provide | updates for critical issues | smasher164 wrote: | Wow, that's a lot of ACEs. | olliej wrote: | Oh nice, they include an explicit acknowledgement section (in | addition to the more obscure acknowledgements in the bug | descriptions) | vineyardmike wrote: | This was long requested from the security community, so | hopefully they keep it up going forward! This would probably go | a long way in terms of rebuilding their developer trust. | aetherspawn wrote: | It's easy to stress over the number of things here, but remember: | every org probably has a huge list of these, known-and-sitting on | the backlog, so if there's this many in the changelog it means | that someone actually cares enough to bring them forward vs. yet | another UX refresh or something like that. | drewg123 wrote: | What is AMD kernel? The AMD graphics driver? Or is there a new | x86_64 port to AMD CPUs? :) | chipotle_coyote wrote: | I'm 99% sure it's the AMD graphics driver, yes. I did see | someone link the "amd-osx.com" website, but it seems unlikely | that Apple would be issuing security fixes for that. | adamparsons wrote: | Given another RCE bug was found in the intel graphics driver, | easiest speculation would probably suggest the graphics | driver. Also apple doesn't usually refer to them as drivers, | so that's probably adding confusion too. | kahrl wrote: | https://amd-osx.com/ | [deleted] | nyc640 wrote: | Thank you for posting this! Definitely had some concern about the | IndexedDB leak, so good to know the new release is out (and has a | fix for the issue) so I can update ASAP. | Canada wrote: | I wonder which older versions are vulnerable to CVE-2022-22586 | and which ones will be patched. | samtheprogram wrote: | Hard to tell; the security updates for Big Sur and Catalina | that came out today in tandem with this Monterrey release do | not mention it. | | Apple security updates: https://support.apple.com/en- | us/HT201222 | cudder wrote: | Is this as bad as it looks? | concinds wrote: | The "real" list is often much longer since Apple (IIRC) doesn't | add CVEs to bugs they discover interally, and doesn't disclose | them in these changelogs. | | And this update has very little security content compared to | previous ones, for example 12.1 had 42 entries (13 entries for | 12.2). | Closi wrote: | I don't think this is specific to Apple - I think it's the | practice of the entire industry. | samwillis wrote: | No, take a look at previous releases, there was even more in | them: | | 12.0.1: https://support.apple.com/en-gb/HT212869 | | 12.1: https://support.apple.com/en-gb/HT212978 | mttjj wrote: | Bad compared to what? | | "Microsoft's January 2022 Security Updates" looks comparable: | https://answers.microsoft.com/en-us/windows/forum/all/micros... | | Perhaps the parent comment was flamebait and I fell for it. ___________________________________________________________________ (page generated 2022-01-26 23:00 UTC)