I recently wrote a diary on the SANS Internet Storm Center about multiple Apple patches for October 2021.
Please click here to read the full diary entry. Alternatively, the full diary is reposted in full below.
With the recent release of macOS Monterey 12.0.1, multiple security vulnerabilities were addressed [1]. For users who were not keen to update to macOS Monterey either due to personal or operational reasons, security updates for macOS Catalina [2] and macOS Big Sur [3] were also made available.
However, Apple has yet released another set of security updates for macOS Big Sur and macOS Catalina, and specifically for Safari on those 2 operating systems just a few hours ago [4]. The security updates fixes WebKit related vulnerabilities (CVE-2021-30887, CVE-2021-30888, CVE-2021-30889 and CVE-2021-30890). The security updates for these vulnerabilities were included in the macOS Monterey 12.0.1 release [1], but were not present in the security updates for macOS Catalina [2] and macOS Big Sur [3] released recently.
Users who installed Security Update 2021-007 Catalina or macOS Big Sur 11.6.1 might have thought that was all for security updates, but there’s still one more to install! Although there has been no indication that this issue may have been actively exploited, it is recommended that affected devices be updated as soon as possible.
References:
[1] https://support.apple.com/kb/HT212869
[2] https://support.apple.com/kb/HT212871
[3] https://support.apple.com/kb/HT212872
[4] https://support.apple.com/kb/HT212875