macOS 12.4 bản chính thức được phát hành ngày hôm nay, sửa hơn 50 lỗi trong hệ thống và lỗi webcam chụp hình xấu.
- 1. Hướng dẫn cách cập nhật macOS 12.4 Monterey chính thức
-
2.
Bản sửa lỗi của macOS 12.4 Monterey
- 2.1. AMD
- 2.2. AMD
- 2.3. apache
- 2.4. AppleGraphicsControl
- 2.5. AppleScript
- 2.6. AppleScript
- 2.7. AVEVideoEncoder
- 2.8. Contacts
- 2.9. CVMS
- 2.10. DriverKit
- 2.11. ImageIO
- 2.12. ImageIO
- 2.13. Intel Graphics Driver
- 2.14. Intel Graphics Driver
- 2.15. Intel Graphics Driver
- 2.16. Intel Graphics Driver
- 2.17. IOKit
- 2.18. IOMobileFrameBuffer
- 2.19. Kernel
- 2.20. Kernel
- 2.21. Kernel
- 2.22. Kernel
- 2.23. LaunchServices
- 2.24. LaunchServices
- 2.25. libresolv
- 2.26. libresolv
- 2.27. LibreSSL
- 2.28. libxml2
- 2.29. OpenSSL
- 2.30. PackageKit
- 2.31. PackageKit
- 2.32. Preview
- 2.33. Printing
- 2.34. Safari Private Browsing
- 2.35. Security
- 2.36. SMB
- 2.37. SMB
- 2.38. SMB
- 2.39. SoftwareUpdate
- 2.40. Spotlight
- 2.41. TCC
- 2.42. Tcl
- 2.43. WebKit
- 2.44. WebKit
- 2.45. WebKit
- 2.46. WebRTC
- 2.47. Wi-Fi
- 2.48. Wi-Fi
- 2.49. Wi-Fi
- 2.50. zip
- 2.51. zlib
- 2.52. zsh
Hướng dẫn cách cập nhật macOS 12.4 Monterey chính thức
- Kết nối máy Mac với nguồn điện.
- Vào menu > System Preferences > Software Update.
- Chờ download > Update Now > Chờ máy cài đặt và khởi động lại.
Bản sửa lỗi của macOS 12.4 Monterey
Chi tiết nguyên văn như sau:
AMD
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved state management.
CVE-2022-26772: an anonymous researcher
AMD
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A buffer overflow issue was addressed with improved memory handling.
CVE-2022-26741: ABC Research s.r.o
CVE-2022-26742: ABC Research s.r.o
CVE-2022-26749: ABC Research s.r.o
CVE-2022-26750: ABC Research s.r.o
CVE-2022-26752: ABC Research s.r.o
CVE-2022-26753: ABC Research s.r.o
CVE-2022-26754: ABC Research s.r.o
apache
Available for: macOS Monterey
Impact: Multiple issues in apache
Description: Multiple issues were addressed by updating apache to version 2.4.53.
CVE-2021-44224
CVE-2021-44790
CVE-2022-22719
CVE-2022-22720
CVE-2022-22721
AppleGraphicsControl
Available for: macOS Monterey
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved input validation.
CVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative
AppleScript
Available for: macOS Monterey
Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory
Description: An out-of-bounds read issue was addressed with improved input validation.
CVE-2022-26697: Qi Sun and Robert Ai of Trend Micro
AppleScript
Available for: macOS Monterey
Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory
Description: An out-of-bounds read issue was addressed with improved bounds checking.
CVE-2022-26698: Qi Sun of Trend Micro
AVEVideoEncoder
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2022-26736: an anonymous researcher
CVE-2022-26737: an anonymous researcher
CVE-2022-26738: an anonymous researcher
CVE-2022-26739: an anonymous researcher
CVE-2022-26740: an anonymous researcher
Contacts
Available for: macOS Monterey
Impact: A plug-in may be able to inherit the application’s permissions and access user data
Description: This issue was addressed with improved checks.
CVE-2022-26694: Wojciech Reguła (@_r3ggi) of SecuRing
CVMS
Available for: macOS Monterey
Impact: A malicious application may be able to gain root privileges
Description: A memory initialization issue was addressed.
CVE-2022-26721: Yonghwi Jin (@jinmo123) of Theori
CVE-2022-26722: Yonghwi Jin (@jinmo123) of Theori
DriverKit
Available for: macOS Monterey
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: An out-of-bounds access issue was addressed with improved bounds checking.
CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)
ImageIO
Available for: macOS Monterey
Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
Description: An integer overflow issue was addressed with improved input validation.
CVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend Micro Zero Day Initiative
ImageIO
Available for: macOS Monterey
Impact: Photo location information may persist after it is removed with Preview Inspector
Description: A logic issue was addressed with improved state management.
CVE-2022-26725: Andrew Williams and Avi Drissman of Google
Intel Graphics Driver
Available for: macOS Monterey
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2022-26720: Liu Long of Ant Security Light-Year Lab
Intel Graphics Driver
Available for: macOS Monterey
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved input validation.
CVE-2022-26769: Antonio Zekic (@antoniozekic)
Intel Graphics Driver
Available for: macOS Monterey
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: An out-of-bounds read issue was addressed with improved input validation.
CVE-2022-26770: Liu Long of Ant Security Light-Year Lab
Intel Graphics Driver
Available for: macOS Monterey
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved input validation.
CVE-2022-26748: Jeonghoon Shin of Theori working with Trend Micro Zero Day Initiative
Intel Graphics Driver
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: An out-of-bounds write issue was addressed with improved input validation.
CVE-2022-26756: Jack Dates of RET2 Systems, Inc
IOKit
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A race condition was addressed with improved locking.
CVE-2022-26701: chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab
IOMobileFrameBuffer
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved state management.
CVE-2022-26768: an anonymous researcher
Kernel
Available for: macOS Monterey
Impact: An attacker that has already achieved code execution in macOS Recovery may be able to escalate to kernel privileges
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2022-26743: Jordy Zomer (@pwningsystems)
Kernel
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved validation.
CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs (@starlabs_sg)
Kernel
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A use after free issue was addressed with improved memory management.
CVE-2022-26757: Ned Williamson of Google Project Zero
Kernel
Available for: macOS Monterey
Impact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations
Description: A memory corruption issue was addressed with improved validation.
CVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de)
Kernel
Available for: macOS Monterey
Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication
Description: A race condition was addressed with improved state handling.
CVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de)
LaunchServices
Available for: macOS Monterey
Impact: A sandboxed process may be able to circumvent sandbox restrictions
Description: An access issue was addressed with additional sandbox restrictions on third-party applications.
CVE-2022-26706: Arsenii Kostromin (0x3c3e)
LaunchServices
Available for: macOS Monterey
Impact: A malicious application may be able to bypass Privacy preferences
Description: The issue was addressed with additional permissions checks.
CVE-2022-26767: Wojciech Reguła (@_r3ggi) of SecuRing
libresolv
Available for: macOS Monterey
Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2022-26776: Zubair Ashraf of Crowdstrike, Max Shavrick (@_mxms) of the Google Security Team
CVE-2022-26708: Max Shavrick (@_mxms) of the Google Security Team
libresolv
Available for: macOS Monterey
Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution
Description: An integer overflow was addressed with improved input validation.
CVE-2022-26775: Max Shavrick (@_mxms) of the Google Security Team
LibreSSL
Available for: macOS Monterey
Impact: Processing a maliciously crafted certificate may lead to a denial of service
Description: A denial of service issue was addressed with improved input validation.
CVE-2022-0778
libxml2
Available for: macOS Monterey
Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
Description: A use after free issue was addressed with improved memory management.
CVE-2022-23308
OpenSSL
Available for: macOS Monterey
Impact: Processing a maliciously crafted certificate may lead to a denial of service
Description: This issue was addressed with improved checks.
CVE-2022-0778
PackageKit
Available for: macOS Monterey
Impact: A malicious application may be able to modify protected parts of the file system
Description: This issue was addressed by removing the vulnerable code.
CVE-2022-26712: Mickey Jin (@patch1t)
PackageKit
Available for: macOS Monterey
Impact: A malicious application may be able to modify protected parts of the file system
Description: This issue was addressed with improved entitlements.
CVE-2022-26727: Mickey Jin (@patch1t)
Preview
Available for: macOS Monterey
Impact: A plug-in may be able to inherit the application’s permissions and access user data
Description: This issue was addressed with improved checks.
CVE-2022-26693: Wojciech Reguła (@_r3ggi) of SecuRing
Printing
Available for: macOS Monterey
Impact: A malicious application may be able to bypass Privacy preferences
Description: This issue was addressed by removing the vulnerable code.
CVE-2022-26746: @gorelics
Safari Private Browsing
Available for: macOS Monterey
Impact: A malicious website may be able to track users in Safari private browsing mode
Description: A logic issue was addressed with improved state management.
CVE-2022-26731: an anonymous researcher
Security
Available for: macOS Monterey
Impact: A malicious app may be able to bypass signature validation
Description: A certificate parsing issue was addressed with improved checks.
CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)
SMB
Available for: macOS Monterey
Impact: An application may be able to gain elevated privileges
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2022-26715: Peter Nguyễn Vũ Hoàng of STAR Labs
SMB
Available for: macOS Monterey
Impact: An application may be able to gain elevated privileges
Description: An out-of-bounds read issue was addressed with improved input validation.
CVE-2022-26718: Peter Nguyễn Vũ Hoàng of STAR Labs
SMB
Available for: macOS Monterey
Impact: Mounting a maliciously crafted Samba network share may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved input validation.
CVE-2022-26723: Felix Poulin-Belanger
SoftwareUpdate
Available for: macOS Monterey
Impact: A malicious application may be able to access restricted files
Description: This issue was addressed with improved entitlements.
CVE-2022-26728: Mickey Jin (@patch1t)
Spotlight
Available for: macOS Monterey
Impact: An app may be able to gain elevated privileges
Description: A validation issue existed in the handling of symlinks and was addressed with improved validation of symlinks.
CVE-2022-26704: an anonymous researcher
TCC
Available for: macOS Monterey
Impact: An app may be able to capture a user’s screen
Description: This issue was addressed with improved checks.
CVE-2022-26726: an anonymous researcher
Tcl
Available for: macOS Monterey
Impact: A malicious application may be able to break out of its sandbox
Description: This issue was addressed with improved environment sanitization.
CVE-2022-26755: Arsenii Kostromin (0x3c3e)
WebKit
Available for: macOS Monterey
Impact: Processing maliciously crafted web content may lead to code execution
Description: A memory corruption issue was addressed with improved state management.
WebKit Bugzilla: 238178
CVE-2022-26700: ryuzaki
WebKit
Available for: macOS Monterey
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A use after free issue was addressed with improved memory management.
WebKit Bugzilla: 236950
CVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab
WebKit Bugzilla: 237475
CVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab
WebKit Bugzilla: 238171
CVE-2022-26717: Jeonghoon Shin of Theori
WebKit
Available for: macOS Monterey
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved state management.
WebKit Bugzilla: 238183
CVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab
WebKit Bugzilla: 238699
CVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech
WebRTC
Available for: macOS Monterey
Impact: Video self-preview in a webRTC call may be interrupted if the user answers a phone call
Description: A logic issue in the handling of concurrent media was addressed with improved state handling.
WebKit Bugzilla: 237524
CVE-2022-22677: an anonymous researcher
Wi-Fi
Available for: macOS Monterey
Impact: A malicious application may disclose restricted memory
Description: A memory corruption issue was addressed with improved validation.
CVE-2022-26745: an anonymous researcher
Wi-Fi
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2022-26761: Wang Yu of Cyberserval
Wi-Fi
Available for: macOS Monterey
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2022-26762: Wang Yu of Cyberserval
zip
Available for: macOS Monterey
Impact: Processing a maliciously crafted file may lead to a denial of service
Description: A denial of service issue was addressed with improved state handling.
CVE-2022-0530
zlib
Available for: macOS Monterey
Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed with improved input validation.
CVE-2018-25032: Tavis Ormandy
zsh
Available for: macOS Monterey
Impact: A remote attacker may be able to cause arbitrary code execution
Description: This issue was addressed by updating to zsh version 5.8.1.
CVE-2021-45444