Big Sur Security Update 11.7.2

[Madhatter32]

The Big Sur security update was released today. I am updating and will report how it goes. The release information is as follows:

macOS Big Sur 11.7.2​

Released December 13, 2022
BOM
Available for: macOS Big Sur
Impact: An app may bypass Gatekeeper checks
Description: A logic issue was addressed with improved checks.
CVE-2022-42821: Jonathan Bar Or of Microsoft
DriverKit
Available for: macOS Big Sur
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32942: Linus Henze of Pinauten GmbH (pinauten.de)
IOHIDFamily
Available for: macOS Big Sur
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: A race condition was addressed with improved state handling.
CVE-2022-42864: Tommy Muir (@Muirey03)
Kernel
Available for: macOS Big Sur
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: A race condition was addressed with additional validation.
CVE-2022-46689: Ian Beer of Google Project Zero
Kernel
Available for: macOS Big Sur
Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-42845: Adam Doupé of ASU SEFCOM
Kernel
Available for: macOS Big Sur
Impact: A remote user may be able to cause kernel code execution
Description: The issue was addressed with improved memory handling.
CVE-2022-42842: pattern-f (@pattern_F_) of Ant Security Light-Year Lab
libxml2
Available for: macOS Big Sur
Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution
Description: An integer overflow was addressed through improved input validation.
CVE-2022-40303: Maddie Stone of Google Project Zero
libxml2
Available for: macOS Big Sur
Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2022-40304: Ned Williamson and Nathan Wachholz of Google Project Zero
ppp
Available for: macOS Big Sur
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-42840: an anonymous researcher
xar
Available for: macOS Big Sur
Impact: Processing a maliciously crafted package may lead to arbitrary code execution
Description: A type confusion issue was addressed with improved checks.
CVE-2022-42841: Thijs Alkemade (@xnyhps) of Computest Sector 7

 

[Glideslope]

Completed the update. Re-ran most of my daily workflow. No issues noted. 2017 iMac 27" i5, 1TB SSD, 32g RAM.

2 External USB Drives.

 

[J0m083]

Idem. Mini M1 16/512, 1 external USB. TM update completed >6GB.

 

[Madhatter32]

Decent sized security update. The update is running smoothly for me after testing.

 

[Powerbooky]

Just installed it on my Macbook Pro 2011 (OpenCore Legacy Patcher). It works, except for Photos. Every (HDR) video that is loaded in the photos app puts the Mac in freeze (clock stops) and after a few seconds it does a hard log out, losing unsaved changes. Dragging such video to the desktop fails with an error.

[update]
Found one serious bug: L2TP/IPsec VPN module is broken. There's an internal problem saving the server address. This is directly connected to the change in PPP mentioned above.

Sat Dec 17 06:13:42 2022 : L2TP can't set L2TP server address: Cannot allocate memory
Sat Dec 17 06:13:42 2022 : IPSec connection started
Sat Dec 17 06:13:42 2022 : L2TP error sending Hello (Destination address required)
Sat Dec 17 06:13:42 2022 : Failed to send L2TP hello trigger. tried 0, max 10

This memory fix actually broke things

Fortunately for me I can divert to Cisco IPsec for my own network, but it still is a serious issue since some client networks I work on only use L2TP/IPsec. I know that Big Sur had its problems with VPN when released the first time, but how can this be back again?

 

[Loyola]

I am trying to update but Software Updates seems be stuck. It just keeps showing Checking for updates......

 

[yakult121]

Had installed Big Sur 11.7.2 on a MBA 2014 and now the wifi icon on the taskbar keeps searching for signal even i've disabled wifi. Any one noticed that?

 

[Isamilis]

Just updated to 11.7.2 (from 11.7.1), MBA early 2020. So far so good. I didn't see any differences on my usage.

 

[getyoTTSout]

Had installed Big Sur 11.7.2 on a MBA 2014 and now the wifi icon on the taskbar keeps searching for signal even i've disabled wifi. Any one noticed that?


View attachment 2133265

Same but worse here with a 2014 MBP. No wifi service can be activated, no hardware found. Did the whole SMC and PRAM reset, safe mode and on and on spiel.

 

[Loyola]

Has anyone had an issue with their Bluetooth Apple keyboard not being detected on the login screen after turning on the computer? Since I updated I have had to pull out a wired a few times to enter my pass code and then go to the Bluetooth icon to selected the keyboard. Prior to the update this never happened. It could be unrelated.

 

[Isamilis]

Has anyone had an issue with their Bluetooth Apple keyboard not being detected on the login screen after turning on the computer? Since I updated I have had to pull out a wired a few times to enter my pass code and then go to the Bluetooth icon to selected the keyboard. Prior to the update this never happened. It could be unrelated.

No I didn’t. MBA early 2020.

 

[Glideslope]

Had installed Big Sur 11.7.2 on a MBA 2014 and now the wifi icon on the taskbar keeps searching for signal even i've disabled wifi. Any one noticed that?


View attachment 2133265

Not here.