Apple finally patches months-old security flaws in Big Sur, Catalina

Along with macOS Monterey 12.4, which brought the first non-beta version of Universal Control and refinements for the Studio Display’s webcam, Apple released Big Sur 11.6.6 and Security Update 2022-004 Catalina Monday to patch numerous flaws and vulnerabilities, some of which were patched months ago in Monterey.

Among the dozens of updates are several that “may lead to arbitrary code execution,” which are among the highest risk vulnerabilities. Two of the patches arrived in March with macOS Monterey 12.3.1 and had previously been known to have possibly been exploited:

AppleAVDAvailable for: macOS Catalina, macOS Big SurImpact: An application may be able to execute arbitrary code with kernel privileges.Description: An out-of-bounds write issue was addressed with improved bounds checking.Graphics DriversAvailable for: macOS Big SurImpact: A local user may be able to read kernel memory.Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation.In addition, there are numerous other security patches related to a range of macOS functions, including Intel Graphics Driver, Kernel, OpenSSL, Printing, Wi-Fi, and WebKit. You can read the full range of updates on Apple’s security page.

We recommend updating your Mac as soon as possible. To update macOS Big Sur or Catalina, go to System Preferences, then Software Update and follow the prompts to download and install the update.

For advice on how to keep your Mac secure read: How secure is a Mac? Best Mac security settings
MacOS