[HN Gopher] About the security content of macOS Monterey 12.2
       ___________________________________________________________________
        
       About the security content of macOS Monterey 12.2
        
       Author : ingve
       Score  : 86 points
       Date   : 2022-01-26 21:15 UTC (1 hours ago)
        
 (HTM) web link (support.apple.com)
 (TXT) w3m dump (support.apple.com)
        
       | varenc wrote:
       | There's also security updates for the two older versions of macOS
       | 
       | - Big Sur: https://support.apple.com/en-us/HT213055
       | 
       | - Catalina: https://support.apple.com/en-us/HT213056
       | 
       | Though the Monterey update fixes 13 CVEs and the Big Sur and
       | Catalina updates only address 7 and 5 CVEs respectively.
       | 
       | It seems unlikely that Big Sur just isn't vulnerable to 6 of the 13
       | Monterey CVEs and instead this is just Apple prioritizing
       | fixes for the latest macOS version. Officially Apple of course
       | only provides security updates for the latest version.
        
         | gregoriol wrote:
         | Big Sur is the latest supported version on some Retina MacBook
         | Pros, so it's not such a bad idea for Apple to still provide
         | updates for critical issues
        
       | smasher164 wrote:
       | Wow, that's a lot of ACEs.
        
       | olliej wrote:
       | Oh nice, they include an explicit acknowledgement section (in
       | addition to the more obscure acknowledgements in the bug
       | descriptions)
        
         | vineyardmike wrote:
         | This was long requested from the security community, so
         | hopefully they keep it up going forward! This would probably go
         | a long way in terms of rebuilding their developer trust.
        
       | aetherspawn wrote:
       | It's easy to stress over the number of things here, but remember:
       | every org probably has a huge list of these, known-and-sitting on
       | the backlog, so if there's this many in the changelog it means
       | that someone actually cares enough to bring them forward vs. yet
       | another UX refresh or something like that.
        
       | drewg123 wrote:
       | What is AMD kernel? The AMD graphics driver? Or is there a new
       | x86_64 port to AMD CPUs? :)
        
         | chipotle_coyote wrote:
         | I'm 99% sure it's the AMD graphics driver, yes. I did see
         | someone link the "amd-osx.com" website, but it seems unlikely
         | that Apple would be issuing security fixes for that.
        
           | adamparsons wrote:
           | Given another RCE bug was found in the Intel graphics driver,
           | easiest speculation would probably suggest the graphics
           | driver. Also Apple doesn't usually refer to them as drivers,
           | so that's probably adding confusion too.
        
         | kahrl wrote:
         | https://amd-osx.com/
        
         | [deleted]
        
       | nyc640 wrote:
       | Thank you for posting this! Definitely had some concern about the
       | IndexedDB leak, so good to know the new release is out (and has a
       | fix for the issue) so I can update ASAP.
        
       | Canada wrote:
       | I wonder which older versions are vulnerable to CVE-2022-22586
       | and which ones will be patched.
        
         | samtheprogram wrote:
         | Hard to tell; the security updates for Big Sur and Catalina
         | that came out today in tandem with this Monterey release do
         | not mention it.
         | 
         | Apple security updates: https://support.apple.com/en-us/HT201222
        
       | cudder wrote:
       | Is this as bad as it looks?
        
         | concinds wrote:
         | The "real" list is often much longer since Apple (IIRC) doesn't
         | add CVEs to bugs they discover internally, and doesn't disclose
         | them in these changelogs.
         | 
         | And this update has very little security content compared to
         | previous ones, for example 12.1 had 42 entries (13 entries for
         | 12.2).
        
           | Closi wrote:
           | I don't think this is specific to Apple - I think it's the
           | practice of the entire industry.
        
         | samwillis wrote:
         | No, take a look at previous releases, there was even more in
         | them:
         | 
         | 12.0.1: https://support.apple.com/en-gb/HT212869
         | 
         | 12.1: https://support.apple.com/en-gb/HT212978
        
         | mttjj wrote:
         | Bad compared to what?
         | 
         | "Microsoft's January 2022 Security Updates" looks comparable:
         | https://answers.microsoft.com/en-us/windows/forum/all/micros...
         | 
         | Perhaps the parent comment was flamebait and I fell for it.
        
       ___________________________________________________________________
       (page generated 2022-01-26 23:00 UTC)