The Mac Security Blog

Apple

Apple releases macOS 12.1, iOS 15.2, watchOS 8.3 and more

Posted on by

This week, Apple released released updates to all of its operating systems. We’ll have a look at what these updates have to offer in terms of security patches, while briefly covering new features.

macOS Monterey 12.1

The latest Mac operating system update is available for all supported Macs currently running macOS Monterey.

macOS Monterey 12.1 adds SharePlay, an entirely new way to have shared experiences with family and friends in FaceTime. This update also includes the Apple Music Voice Plan, new safety features for children and parents in Messages, redesigned Memories in Photos, and other features and bug fixes for your Mac.

At least 46 security-related patches are included in this update, including but not limited to:

AirPort
Impact: A device may be passively tracked via BSSIDs
Description: An access issue was addressed with improved access restrictions.

Bluetooth
Impact: A device may be passively tracked by its Bluetooth MAC address
Description: A device configuration issue was addressed with an updated configuration.

LaunchServices
Impact: A malicious application may bypass Gatekeeper checks
Description: A logic issue was addressed with improved state management.

Preferences
Impact: A malicious application may be able to elevate privileges
Description: A race condition was addressed with improved state handling.

Wi-Fi
Impact: A local user may be able to cause unexpected system termination or read kernel memory
Description: This issue was addressed with improved checks.

IOUSBHostFamily
Impact: A remote attacker may be able to cause unexpected application termination or heap corruption
Description: A race condition was addressed with improved locking.

Some of the vulnerabilities were attributed to Csaba Fitzl (@theevilbit), who said on Twitter that one patch in particular is easy to bypass. In other words, Apple could have done a better job of mitigating it. Fitzl did not publicly disclose which patch he was referring to or what the better fix would be.

Two of the three patches attributed to Fitzl were implemented in the Big Sur and Catalina updates as well. We currently do not know if the patch he is referring to affects the other macOS versions.

For the full list of security patches included in Monterey 12.1 have a look here.

You can get this update by going to System Preferences > Software Update where compatible Macs running macOS Mojave or newer will see the Monterey update. If your Mac is running High Sierra or older, look for macOS Monterey in the App Store and download it from there.

macOS Big Sur 11.6.2

Last time around I said, “This is the last ‘dot update’ we’re likely to see for macOS Big Sur. With macOS Monterey now available, Big Sur will likely continue to receive limited security updates for at least a year or two.” It turns out I was wrong, and Apple has released macOS Big Sur 11.6.2. This update is listed as being “recommended for all users and improves the security of macOS.” It includes 35 security patches, most of them the same as those seen in Monterey 12.1.

It is unclear why this update was a dot-release and not a Security Update, as it appears that no new features were introduced.

The full list of changes can be seen here and the update is available in System Preferences > Software Update on your Mac.

Security Update 2021-008 Catalina

This update includes at least 32 security patches that you can read about here. They are the same patches that were made in the 11.6.2 Big Sur update, minus a few. The update is available in System Preferences > Software Update on your Mac.

iOS 15.2 and iPadOS 15.2

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).

The latest iOS and iPadOS versions, 15.2, allow access to the Apple Music Voice Plan, a new subscription tier that provides access to music using Siri. This update also includes the App Privacy Report, new safety features for children and parents in Messages, and other features and bug fixes for your iPhone.

It also adds at least 42 security patches, some of which include:

FaceTime
Impact: A user in a FaceTime call may unexpectedly leak sensitive user information through Live Photos metadata
Description: This issue was addressed with improved handling of file metadata.

Notes
Impact: A person with physical access to an iOS device may be able to access contacts from the lock screen
Description: The issue was addressed with improved permissions logic.

Password Manager
Impact: A person with physical access to an iOS device may be able to access stored passwords without authentication
Description: An inconsistent user interface issue was addressed with improved state management.

NetworkExtension
Impact: A local attacker may be able to read sensitive information
Description: A permissions issue was addressed with improved validation.

The full list of security issues addressed can be found here.

To install the latest iOS updates, go to Settings > General > Software Update on your device.

watchOS 8.3

What happened to the watchOS 8.2 update? Nobody knows. Strangely, Apple’s version numbers skipped directly from 8.1.1 to 8.3.

Available for: Apple Watch Series 3 and later

watchOS 8.3 includes new features, improvements, and bug fixes, including:

  • Apple Music Voice Plan gives you access to all songs, playlists, and stations in Apple Music using Siri
  • Support for App Privacy Report to record data and sensor access
  • Fixes an issue where notifications may interrupt Mindfulness sessions unexpectedly for some users

At least 28 security patches are also included, most of them the same as those seen in the iOS and iPadOS updates. The full list can be found here.

To install this update, make sure your iPhone is up to date first, both your phone and watch are connected to the same Wi-Fi network, and the watch has at least a 50% charge. Then open the Watch app on your phone and tap General > Software Update.

tvOS 15.2

Apple’s new tvOS 15.2 update introduces a new Memories experience for Photos, includes a new Store tab in the Apple TV app, brings support for the Apple Music Voice Plan, a new subscription tier designed to access music using Siri, supports additional Siri languages, and adds beautiful new screen savers. This update also includes performance and stability improvements. This update also includes 25 security patches that are the same as those seen in the iOS, iPadOS and watchOS updates.

The full list of security issues addressed can be found here. The tvOS update can be downloaded directly from the Apple TV by going to Settings > System > Update Software.

Whether you’re using iOS, iPadOS, or macOS, always back up your data prior to installing any updates. This gives you a restore point in case something does not go as planned.

See also our related article on checking your macOS backups:

How to Verify Your Backups are Working Properly

How can I learn more?

Each week on the Intego Mac Podcast, Intego’s Mac security experts discuss the latest Apple news, security and privacy stories, and offer practical advice on getting the most out of your Apple devices. Be sure to follow the podcast to make sure you don’t miss any episodes.

You can also subscribe to our e-mail newsletter and keep an eye here on The Mac Security Blog for the latest Apple security and privacy news. And don’t forget to follow Intego on your favorite social media channels: Follow Intego on Twitter Follow Intego on Facebook Follow Intego on YouTube Follow Intego on Pinterest Follow Intego on LinkedIn Follow Intego on Instagram Follow the Intego Mac Podcast on Apple Podcasts

About Jay Vrijenhoek

Jay Vrijenhoek is an IT consultant with a passion for Mac security research. View all posts by Jay Vrijenhoek →