• Day two – another zero day vuln patched for Apple

    Home » Forums » Newsletter and Homepage topics » Day two – another zero day vuln patched for Apple

    Author
    Topic
    #2471154

    1 zero day in Safari 15.6.1 for Big Sur and Catalina Anytime there is a browser vulnerability – I don’t wait and install it immediately. “Processing m
    [See the full post at: Day two – another zero day vuln patched for Apple]

    Susan Bradley Patch Lady

    2 users thanked author for this post.
    Viewing 1 reply thread
    Author
    Replies
    • #2471160

      Thanks. In case someone is wondering: nothing yet for the Monterey’s version of Safari: the latest version still is 15.6 .

      Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

      MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
      Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
      macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

      • #2471164

        The webkit vulnerability fix in the patch for Safari 15.6.1 for Catalina is the same as for one of the vulnerabilities in the Monterey 12.5.1 patch. So if you install the latest Monterey update you’ll get the latest Safari patch.

        • #2471171

          DrBonzo: The funny thing is that I am being offered right now only the very recent update/patch for Monterey. So recent that I am still waiting until next week to install it, as it is always my way. Maybe there is no new patch for Monterey’s Safari, or it has not been deployed yet. If so, that would be unusual.

          But, if I read you correctly, I do wonder: is this Safari patch meant to fix a problem related to the latest Monterey update, so it will be available only after the Monterey one is installed?

          Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

          MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
          Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
          macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

          • #2471173

            Go here: https://support.apple.com/en-us/HT201222

            Click on the Safari 15.6.1 link and note the CVE number at the end of the webkit description.

            Now click on the Monterey 12.5.1 link and note the CVE number at the end of the webkit description.

            The two CVE numbers are the same (as are the two bugzilla numbers). So if you install the latest Monterey patch you will get the Safari patch; the Safari patch will not be offered to you separately because you are already being offered the Safari patch when you are offered the Monterey patch.

            2 users thanked author for this post.
            • #2471195

              The way Apple updates Safari on macOS is interesting. If you are running the most recent version of macOS (the one still in “mainstream support”, to borrow from Windows terminology), then Safari updates are bundled with OS updates, so in order to update Safari, you have to install an OS update (and restart your computer). If you are running an older version of macOS (like those in “extended support”, currently Big Sur and Catalina), then Safari updates are uncoupled from OS updates, and are offered separately in Software Update. You can update Safari in this case without having to restart your computer.

              3 users thanked author for this post.
    • #2471211

      nothing yet for the Monterey’s version of Safari: the latest version still is 15.6 .

      https://www.askwoody.com/forums/topic/two-zero-days-out-for-mac-monterey/#post-2471128

    Viewing 1 reply thread
    Reply To: Day two – another zero day vuln patched for Apple

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information: