Apple on Wednesday released macOS 12.5, an update to the Mac operating system. The update includes enhancements to the TV app and Safari, as well as bug fixes and security patches.
Here are the release notes:
macOS Monterey 12.5 includes enhancements, bug fixes and security updates.
• TV app adds the option to restart a live sports game already in-progress and pause, rewind, or fast-forward
• Fixes an issue in Safari where a tab may revert back to a previous page
Some features may not be available for all regions, or on all Apple devices.
This update is chock full of security updates, according to the macOS 12.5 security document. Here's a list of the security updates:
APFS
Available for: macOS Monterey
Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32832: Tommy Muir (@Muirey03)
AppleMobileFileIntegrity
Impact: An app may be able to gain root privileges
Description: An authorization issue was addressed with improved state management.
CVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro
Apple Neural Engine
Impact: An app may be able to execute arbitrary code with kernel privileges
CVE-2022-32810: Mohamed Ghannam (@_simo36)
Description: This issue was addressed with improved checks.
CVE-2022-32840: Mohamed Ghannam (@_simo36)
Impact: An app may be able to break out of its sandbox
CVE-2022-32845: Mohamed Ghannam (@_simo36)
AppleScript
Impact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory
CVE-2022-32797: Mickey Jin (@patch1t), Ye Zhang (@co0py_Cat) of Baidu Security, Mickey Jin (@patch1t) of Trend Micro
Description: An out-of-bounds read issue was addressed with improved input validation.
CVE-2022-32851: Ye Zhang (@co0py_Cat) of Baidu Security
CVE-2022-32852: Ye Zhang (@co0py_Cat) of Baidu Security
CVE-2022-32853: Ye Zhang (@co0py_Cat) of Baidu Security
Description: An out-of-bounds read issue was addressed with improved bounds checking.
CVE-2022-32831: Ye Zhang (@co0py_Cat) of Baidu Security
Audio
Description: An out-of-bounds write issue was addressed with improved input validation.
CVE-2022-32820: an anonymous researcher
Impact: An app may be able to disclose kernel memory
CVE-2022-32825: John Aakerblom (@jaakerblom)
Automation
Impact: An app may be able to bypass Privacy preferences
Description: A logic issue was addressed with improved checks.
CVE-2022-32789: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
Calendar
Impact: An app may be able to access sensitive user data
Description: The issue was addressed with improved handling of caches.
CVE-2022-32805: Csaba Fitzl (@theevilbit) of Offensive Security
CoreMedia
CVE-2022-32828: Antonio Zekic (@antoniozekic) and John Aakerblom (@jaakerblom)
CoreText
Impact: A remote user may cause an unexpected app termination or arbitrary code execution
Description: The issue was addressed with improved bounds checks.
CVE-2022-32839: STAR Labs (@starlabs_sg)
File System Events
Description: A logic issue was addressed with improved state management.
CVE-2022-32819: Joshua Mason of Mandiant
GPU Drivers
Description: Multiple out-of-bounds write issues were addressed with improved bounds checking.
CVE-2022-32793: an anonymous researcher
Description: A memory corruption issue was addressed with improved validation.
CVE-2022-32821: John Aakerblom (@jaakerblom)
iCloud Photo Library
Description: An information disclosure issue was addressed by removing the vulnerable code.
CVE-2022-32849: Joshua Jones
ICU
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ.
ImageIO
Impact: Processing a maliciously crafted image may result in disclosure of process memory
CVE-2022-32841: hjy79425575
Impact: Processing an image may lead to a denial-of-service
Description: A null pointer dereference was addressed with improved validation.
CVE-2022-32785: Yiğit Can YILMAZ (@yilmazcanyigit)
Intel Graphics Driver
Description: A memory corruption vulnerability was addressed with improved locking.
CVE-2022-32811: ABC Research s.r.o
CVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o.
Kernel
CVE-2022-32813: Xinru Chi of Pangu Lab
CVE-2022-32815: Xinru Chi of Pangu Lab
CVE-2022-32817: Xinru Chi of Pangu Lab
CVE-2022-32829: an anonymous researcher
Liblouis
Impact: An app may cause unexpected app termination or arbitrary code execution
CVE-2022-26981: Hexhive (hexhive.epfl.ch), NCNIPC of China (nipc.org.cn)
libxml2
Impact: An app may be able to leak sensitive user information
Description: A memory initialization issue was addressed with improved memory handling.
CVE-2022-32823
Multi-Touch
Description: A type confusion issue was addressed with improved checks.
CVE-2022-32814: Pan ZhenPeng (@Peterpan0927)
Description: A type confusion issue was addressed with improved state handling.
PackageKit
Impact: An app may be able to modify protected parts of the file system
Description: An issue in the handling of environment variables was addressed with improved validation.
CVE-2022-32786: Mickey Jin (@patch1t)
CVE-2022-32800: Mickey Jin (@patch1t)
PluginKit
Impact: An app may be able to read arbitrary files
CVE-2022-32838: Mickey Jin (@patch1t) of Trend Micro
PS Normalizer
Impact: Processing a maliciously crafted Postscript file may result in unexpected app termination or disclosure of process memory
CVE-2022-32843: Kai Lu of Zscaler's ThreatLabz
SMB
Description: A memory corruption issue was addressed with improved state management.
CVE-2022-32796: Sreejith Krishnan R (@skr0x1c0)
Impact: An app may be able to gain elevated privileges
CVE-2022-32842: Sreejith Krishnan R (@skr0x1c0)
CVE-2022-32798: Sreejith Krishnan R (@skr0x1c0)
Impact: A user in a privileged network position may be able to leak sensitive information
CVE-2022-32799: Sreejith Krishnan R (@skr0x1c0)
Impact: An app may be able to leak sensitive kernel state
CVE-2022-32818: Sreejith Krishnan R (@skr0x1c0)
Software Update
Impact: A user in a privileged network position can track a user's activity
Description: This issue was addressed by using HTTPS when sending information over the network.
CVE-2022-32857: Jeffrey Paul (sneak.berlin)
Spindump
Impact: An app may be able to overwrite arbitrary files
Description: This issue was addressed with improved file handling.
CVE-2022-32807: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
Spotlight
CVE-2022-32801: Joshua Mason (@josh@jhu.edu)
subversion
Impact: Multiple issues in subversion
Description: Multiple issues were addressed by updating subversion.
CVE-2021-28544: Evgeny Kotkov, visualsvn.com
CVE-2022-24070: Evgeny Kotkov, visualsvn.com
CVE-2022-29046: Evgeny Kotkov, visualsvn.com
CVE-2022-29048: Evgeny Kotkov, visualsvn.com
TCC
Description: An access issue was addressed with improvements to the sandbox.
CVE-2022-32834: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)
WebKit
Impact: Visiting a website that frames malicious content may lead to UI spoofing
Description: The issue was addressed with improved UI handling.
WebKit Bugzilla: 239316
CVE-2022-32816: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ.
WebKit Bugzilla: 240720
CVE-2022-32792: Manfred Paul (@_manfp) working with Trend Micro Zero Day Initiative
WebRTC
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
WebKit Bugzilla: 242339
CVE-2022-2294: Jan Vojtesek of Avast Threat Intelligence team
Wi-Fi
Impact: An app may be able to cause unexpected system termination or write kernel memory
CVE-2022-32837: Wang Yu of Cyberserval
Impact: A remote user may be able to cause unexpected system termination or corrupt kernel memory
CVE-2022-32847: Wang Yu of Cyberserval
Windows Server
Impact: An app may be able to capture a user's screen
CVE-2022-32848: Jeremy Legendre of MacEnhance
How to update to macOS 12.5
You could also set your Mac to automatically update. For details of how to do that, and more information about updating macOS, read: How to update macOS.
Read about the latest version of macOS Monterey for news about the problems with, and fixes coming to, the current version of macOS.