Day two – another zero day vuln patched for Apple

Topic

New Reply

1 zero day in Safari 15.6.1 for Big Sur and Catalina Anytime there is a browser vulnerability – I don’t wait and install it immediately. “Processing m
[See the full post at: Day two – another zero day vuln patched for Apple]

Susan Bradley Patch Lady/Prudent patcher

2 users thanked author for this post.

BobbyB, DrBonzo

Reply | Quote

Replies

Thanks. In case someone is wondering: nothing yet for the Monterey’s version of Safari: the latest version still is 15.6 .

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

The webkit vulnerability fix in the patch for Safari 15.6.1 for Catalina is the same as for one of the vulnerabilities in the Monterey 12.5.1 patch. So if you install the latest Monterey update you’ll get the latest Safari patch.

Reply | Quote

DrBonzo: The funny thing is that I am being offered right now only the very recent update/patch for Monterey. So recent that I am still waiting until next week to install it, as it is always my way. Maybe there is no new patch for Monterey’s Safari, or it has not been deployed yet. If so, that would be unusual.

But, if I read you correctly, I do wonder: is this Safari patch meant to fix a problem related to the latest Monterey update, so it will be available only after the Monterey one is installed?

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

Go here: https://support.apple.com/en-us/HT201222

Click on the Safari 15.6.1 link and note the CVE number at the end of the webkit description.

Now click on the Monterey 12.5.1 link and note the CVE number at the end of the webkit description.

The two CVE numbers are the same (as are the two bugzilla numbers). So if you install the latest Monterey patch you will get the Safari patch; the Safari patch will not be offered to you separately because you are already being offered the Safari patch when you are offered the Monterey patch.

2 users thanked author for this post.

bassmanzam, OscarCP

Reply | Quote

The way Apple updates Safari on macOS is interesting. If you are running the most recent version of macOS (the one still in “mainstream support”, to borrow from Windows terminology), then Safari updates are bundled with OS updates, so in order to update Safari, you have to install an OS update (and restart your computer). If you are running an older version of macOS (like those in “extended support”, currently Big Sur and Catalina), then Safari updates are uncoupled from OS updates, and are offered separately in Software Update. You can update Safari in this case without having to restart your computer.

3 users thanked author for this post.

bassmanzam, DrBonzo, OscarCP

Reply | Quote

OscarCP wrote:

nothing yet for the Monterey’s version of Safari: the latest version still is 15.6 .

https://www.askwoody.com/forums/topic/two-zero-days-out-for-mac-monterey/#post-2471128

Reply | Quote