Apple released macOS 12.4 and iOS 15.5 on Monday, May 16 to remediate nearly 30 vulnerabilities in iOS and over 50 in macOS (in addition to new features). Both releases for iOS and macOS fix vulnerabilities that allow arbitrary code execution with kernel privileges, denial of service (DoS), and elevation of privileges.
Apple also released updates to Safari, tvOS, iPadOS, watchOS, and Xcode. More information on those updates can be found on Apple’s support page.
macOS Vulnerabilities
Apple released macOS Monterey 12.4, Big Sur 11.6.6, and security update 2022-004 for Catalina to remediate over 50 security vulnerabilities. If you run systems on Monterey, Big Sur, or Catalina, we recommend patching within 72 hours due to the volume and severity of vulnerabilities fixed in both releases.
Most notably, macOS Monterey 12.4 fixes arbitrary code execution vulnerabilities in:
AMD
AppleGraphicsControl
AVEVideoEncoder
DriverKit
ImageIO
Intel Graphics Driver
IOKit
Kernel
libresolv
libxml2
SMB
WebKit
Wi-Fi
zsh
zlib
Notably, Intel Graphics Driver is vulnerable to arbitrary code execution with kernel privileges and was previously the target of a zero-day Apple patched in late March 2022. Subsequently, it was added to CISA’s Known Exploited Vulnerabilities Catalog.
Recommended Remediation
If you have systems that run macOS Monterey, Big Sur, or Catalina we recommend applying Apple’s updates within 72 hours as multiple vulnerabilities allow for arbitrary code execution with kernel privileges.
Apple does not mention if any of these vulnerabilities are being actively exploited, though we can assume attackers will be attempting to weaponize these vulnerabilities as they have in 2022, with Apple patching five zero-days thus far.
Automox for Easy IT Operations
Automox is the cloud-native IT operations platform for modern organizations. It makes it easy to keep every endpoint automatically configured, patched, and secured – anywhere in the world. With the push of a button, IT admins can fix critical vulnerabilities faster, slash cost and complexity, and win back hours in their day.
Demo Automox and join thousands of companies transforming IT operations into a strategic business driver.