Apple

Apple releases mystery security updates for macOS Big Sur, Catalina

Posted on by

On Monday, Apple released security updates for macOS Big Sur and macOS Catalina. But strangely, Apple did not provide a single detail about which security issues were addressed in the updates.

Here’s what little we know about the latest macOS updates.

What do macOS Big Sur 11.6.4 and Security Update 2022-002 Catalina include?

On Apple’s “What’s new in the updates for macOS Big Sur” page, Apple simply states of macOS Big Sur 11.6.4:

This update is recommended for all users and improves the security of macOS.

(Apple no longer updates its “What’s new in the updates for macOS Catalina” page, so there is no specific statement there about the corresponding update, Security Update 2022-002 Catalina.)

Usually, Apple provides details about security fixes at its “Apple security updates” page.

This time around, however, Apple is — at least so far — staying silent about what the latest updates include.

Apple offers no CVE details for macOS Big Sur 11.6.4 or Security Update 2022-002 Catalina.

Instead, Apple simply states that “This update has no published CVE entries” for both updates. Vulnerabilities often have CVE numbers assigned to them to help researchers identify whether the same security issue affects multiple products.

It is extremely rare for Apple to issue a security update without referencing any CVE numbers. In fact, this is the first case we could find where Apple published a security-only update for macOS that did not include a single CVE reference in its security release notes.

We have reached out to Apple for comment. If Apple responds, we’ll update this article to include the company’s statement.

What do the new Big Sur and Catalina updates likely NOT include?

One thing we can assume that the two updates do not include is a fix for the WebKit vulnerability that was already included in last week’s Safari 15.3 update for both Big Sur and Catalina. Apple specifically named that vulnerability as CVE-2022-22620.

Apple fixes active zero-day vuln with macOS 12.2.1, iOS 15.3.1, Safari 15.3

How to update to the latest macOS versions

You can get the latest macOS version that’s compatible with your Mac by clicking on Apple menuSystem Preferences… > Software Update.

If your Mac’s operating system hasn’t been updated for several years and it’s running macOS High Sierra or older, look for macOS Monterey in the App Store and download it from there.

Ideally, if your Mac is compatible with macOS Monterey, you should update to Monterey rather than merely installing this week’s Big Sur or Catalina security update.

Although Apple continues to release some security updates for macOS Big Sur and macOS Catalina, Apple does not patch every security issue for these older macOS versions; see Apple’s Poor Patching Policies Potentially Make Users’ Security and Privacy Precarious.

Apple’s Poor Patching Policies Potentially Make Users’ Security and Privacy Precarious

How to back up your Mac before updating it

When backing up your Mac, it’s ideal to follow a “3-2-1 backup strategy,” and occasionally verify that your Mac is backing up successfully.

Data Backup Plan: How to Implement the 3-2-1 Backup Strategy

How to Verify Your Backups are Working Properly

How can I learn more?

Each week on the Intego Mac Podcast, Intego’s Mac security experts discuss the latest Apple news, security and privacy stories, and offer practical advice on getting the most out of your Apple devices. Be sure to follow the podcast to make sure you don’t miss any episodes!

You can also subscribe to our e-mail newsletter and keep an eye here on The Mac Security Blog for the latest Apple security and privacy news. And don’t forget to follow Intego on your favorite social media channels: Follow Intego on Twitter Follow Intego on Facebook Follow Intego on YouTube Follow Intego on Pinterest Follow Intego on LinkedIn Follow Intego on Instagram Follow the Intego Mac Podcast on Apple Podcasts

About Joshua Long

Joshua Long (@theJoshMeister), Intego's Chief Security Analyst, is a renowned security researcher and writer, and an award-winning public speaker. Josh has a master's degree in IT concentrating in Internet Security and has taken doctorate-level coursework in Information Security. Apple has publicly acknowledged Josh for discovering an Apple ID authentication vulnerability. Josh has conducted cybersecurity research for more than 25 years, which is often featured by major news outlets worldwide. Look for more of Josh's articles at security.thejoshmeister.com and follow him on X/Twitter, LinkedIn, and Mastodon. View all posts by Joshua Long →