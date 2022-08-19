apple has released an update of its Safari browser to the version 15.6.1 on older versions of macOS, namely 11 Big Sur and 10.15 Catalina, to address a critical security flaw that could be actively exploited. Long story short: it should be updated as soon as possible. The patch comes within hours of those for macOS 12 Monterey, iPadOS, and iOS, and they are related.
The patches for the operating systems in fact fix two flaws: one in the kernel of the operating system and one in the WebKit, which is the engine on which Safari is based. This vulnerability, cataloged with the initials CVE-2022-32893, is the same one fixed by the new version of Safari. The patch changelog does not include anything else. Basically, this patch is to protect older Macs that cannot be upgraded to the latest version of the operating system.
The bug allowed arbitrary code execution on the device via “purpose-built malicious web content”. More in-depth technical details have not been disclosed, at least so far. Apparently it was an external researcher who discovered the bug, which he preferred to remain anonymous.
Affected Macs should receive an update notification within the next few hours if they haven’t already. Recall that Apple does not update Safari through the App Store, as happens for example on Android for Chrome, but via system updates. Therefore, to check for new patches you need to go through > About This Mac> Software Update.