Already I’m seeing social media channels fill up with Apple users whining about the 2GB or larger download required for OSX 12.4.

Why should I download this if there are no major changes?

Deployment model plans aside — proprietary lightning connectors are nearly dinosaur speed versus modern USB-C so Apple arguably put themselves in this corner — let’s talk about what Apple doesn’t seem to highlight in its official release notes: data safety (CRITICALITY OF FIXES).

1. CVE-2022-26772 memory corruption to execute arbitrary code with kernel privileges
2. CVE-2022-26741 buffer overflow to execute arbitrary code with kernel privileges
3. CVE-2022-26742 buffer overflow to execute arbitrary code with kernel privileges
4. CVE-2022-26749 buffer overflow to execute arbitrary code with kernel privileges
5. CVE-2022-26750 buffer overflow to execute arbitrary code with kernel privileges
6. CVE-2022-26752 buffer overflow to execute arbitrary code with kernel privileges
7. CVE-2022-26753 buffer overflow to execute arbitrary code with kernel privileges
8. CVE-2022-26754 buffer overflow to execute arbitrary code with kernel privileges
9. CVE-2021-44224 “multiple issues”
10. CVE-2021-44790 “multiple issues”
11. CVE-2021-44719 “multiple issues”
12. CVE-2022-22720 “multiple issues”
13. CVE-2022-22721 “multiple issues”
14. CVE-2022-26697 out-of-bounds read for unexpected application termination or disclosure of process memory
15. CVE-2022-26698 out-of-bounds read for unexpected application termination or disclosure of process memory
16. CVE-2022-26736 out-of-bounds write to execute arbitrary code with kernel privileges
17. CVE-2022-26737 out-of-bounds write to execute arbitrary code with kernel privileges
18. CVE-2022-26738 out-of-bounds write to execute arbitrary code with kernel privileges
19. CVE-2022-26739 out-of-bounds write to execute arbitrary code with kernel privileges
20. CVE-2022-26740 out-of-bounds write to execute arbitrary code with kernel privileges
21. CVE-2022-26694 inherit app permissions and access user data
22. CVE-2022-26721 memory initialization to gain root privileges
23. CVE-2022-26722 memory initialization to gain root privileges
24. CVE-2022-26763 out-of-bounds access to execute arbitrary code with system privileges
25. CVE-2022-26711 integer overflow to cause unexpected application termination or arbitrary code execution
26. CVE-2022-26725 location information may persist after it is removed
27. CVE-2022-26720 out-of-bounds write to execute arbitrary code with kernel privileges
28. CVE-2022-26769 memory corruption to execute arbitrary code with kernel privileges
29. CVE-2022-26770 out-of-bounds read to execute arbitrary code with kernel privileges
30. CVE-2022-26748 out-of-bounds write for arbitrary code execution
31. CVE-2022-26756 out-of-bounds to execute arbitrary code with kernel privileges
32. CVE-2022-26701 race condition to execute arbitrary code with kernel privileges
33. CVE-2022-26768 memory corruption to execute arbitrary code with kernel privileges
34. CVE-2022-26743 out-of-bounds write to escalate to kernel privileges
35. CVE-2022-26714 memory corruption to execute arbitrary code with kernel privileges
36. CVE-2022-26757 use after free to execute arbitrary code with kernel privileges
37. CVE-2022-26764 memory corruption to bypass kernel memory mitigations
38. CVE-2022-26765 race condition to bypass Pointer Authentication
39. CVE-2022-26706 access issue to circumvent sandbox restrictions
40. CVE-2022-26767 to bypass Privacy preferences
41. CVE-2022-26776 cause unexpected application termination or arbitrary code execution
42. CVE-2022-26708 for unexpected application termination or arbitrary code execution
43. CVE-2022-26775 integer overflow to cause unexpected application termination or arbitrary code execution
44. CVE-2022-0778 invalid cert for denial of service
45. CVE-2022-23308 use after free to cause unexpected application termination or arbitrary code execution
46. CVE-2022-0778 invalid cert for denial of service
47. CVE-2022-26712 vulnerable code to modify protected parts of the file system
48. CVE-2022-26727 bypass entitlements to modify protected parts of the file system
49. CVE-2022-26693 bypass checks to inherit application permissions and access user data
50. CVE-2022-26746 vulnerable code to bypass Privacy preferences
51. CVE-2022-26731 state management logic weakness to track users in Safari private browsing mode
52. CVE-2022-26766 certificate parsing issue to bypass signature validation
53. CVE-2022-26715 out-of-bounds write to gain elevated privileges
54. CVE-2022-26718 out-of-bounds read to gain elevated privileges
55. CVE-2022-26723 memory corruption for arbitrary code execution
56. CVE-2022-26728 bypass entitlements to access restricted files
57. CVE-2022-26704 validation issue to gain elevated privileges
58. CVE-2022-26726 bypass checks to capture a user’s screen
59. CVE-2022-26755 lack of sanitization to break out of a sandbox
60. CVE-2022-26700 memory corruption for code execution
61. CVE-2022-26709 use after free for arbitrary code execution
62. CVE-2022-26710 use after free for arbitrary code execution
63. CVE-2022-26717 use after free for arbitrary code execution
64. CVE-2022-26716 memory corruption for arbitrary code execution
65. CVE-2022-26719 memory corruption for arbitrary code execution
66. CVE-2022-22677 logic issue so call may be interrupted
67. CVE-2022-26745 memory corruption to disclose restricted memory
68. CVE-2022-26761 memory corruption to execute arbitrary code with kernel privileges
69. CVE-2022-26762 memory corruption to execute arbitrary code with system privileges
70. CVE-2022-0530 bypass file state for denial of service
71. CVE-2018-25032 memory corruption for unexpected application termination or arbitrary code execution
72. CVE-2021-45444 arbitrary code execution

Whew! Even with sparse details and placeholder CVE records that’s still 24 mentions of kernel privileges and 2 root level. Can you figure out the one missing from this list?