The large January 2022 Patch Tuesday update covers nine critical CVEs, including a self-propagator with a 9.8 CVSS score.
https://threatpost.com/microsoft-wormable-critical-rce-bug-zero-day/177564/
All a user needs to do is click on an email attachment, and boom – the code is silently executed without the victim knowing. It affects Big Sur and prior versions of macOS.
https://threatpost.com/unpatched-apple-zero-day-code-execution/174915/