{"id":95355,"date":"2022-02-14T23:50:11","date_gmt":"2022-02-15T07:50:11","guid":{"rendered":"https:\/\/www.intego.com\/mac-security-blog\/?p=95355"},"modified":"2022-02-15T00:30:27","modified_gmt":"2022-02-15T08:30:27","slug":"apple-releases-mystery-security-updates-for-macos-big-sur-catalina","status":"publish","type":"post","link":"https:\/\/www.intego.com\/mac-security-blog\/apple-releases-mystery-security-updates-for-macos-big-sur-catalina\/","title":{"rendered":"Apple releases mystery security updates for macOS Big Sur, Catalina"},"content":{"rendered":"

\"\"<\/p>\n

On Monday, Apple released security updates for macOS Big Sur and macOS Catalina. But strangely, Apple did not provide a single detail about which security issues were addressed in the updates.<\/p>\n

Here’s what little we know about the latest macOS updates.<\/p>\n

What do macOS Big Sur 11.6.4 and Security Update 2022-002 Catalina include?<\/h3>\n

On Apple’s “What’s new in the updates for macOS Big Sur<\/a>” page, Apple simply states of macOS Big Sur 11.6.4<\/strong>:<\/p>\n

This update is recommended for all users and improves the security of macOS.<\/p><\/blockquote>\n

(Apple no longer updates its “What’s new in the updates for macOS Catalina<\/a>” page, so there is no specific statement there about the corresponding update, Security Update 2022-002 Catalina<\/strong>.)<\/p>\n

Usually, Apple provides details about security fixes at its “Apple security updates<\/a>” page.<\/p>\n

This time around, however, Apple is \u2014 at least so far \u2014 staying silent about what the latest updates include.<\/p>\n

\"\"

Apple offers no CVE details for macOS Big Sur 11.6.4 or Security Update 2022-002 Catalina.<\/p><\/div>\n

Instead, Apple simply states that “This update has no published CVE entries” for both updates. Vulnerabilities often have CVE numbers assigned to them to help researchers identify whether the same security issue affects multiple products.<\/p>\n

It is extremely rare for Apple to issue a security update without referencing any CVE numbers. In fact, this is the first case we could find where Apple published a security-only update for macOS that did not include a single CVE reference<\/strong> in its security release notes.<\/p>\n

We have reached out to Apple for comment. If Apple responds, we’ll update this article to include the company’s statement.<\/p>\n

What do the new Big Sur and Catalina updates likely NOT include?<\/h3>\n

One thing we can assume that the two updates do\u00a0not<\/em> include is a fix for the WebKit vulnerability that was already included in last week’s Safari 15.3 update<\/a> for both Big Sur and Catalina. Apple specifically named that vulnerability as CVE-2022-22620.<\/p>\n

Apple fixes active zero-day vuln with macOS 12.2.1, iOS 15.3.1, Safari 15.3<\/a><\/p><\/blockquote>\n