Apple: exploits fixed in macOS Monterey are still present in Big Sur and Catalina

With the public release of macOS Monterey 12.3.1 on March 31, Apple fixed two “actively exploited” security vulnerabilities in the operating system: CVE-2022-22675, a bug in AppleAVD that allows arbitrary code to run with kernel privileges, and CVE-2022-22674, a bug in the Intel graphics driver.

These same flaws may be present, but not yet patched, in macOS Big Sur and macOS Catalina, older versions that are still supported by the Cupertino company and are therefore eligible to receive patches for this kind of security problem.

As noted by Intego, a blog that covers Mac security, this is the first time since the release of macOS Monterey that Apple has not immediately patched an actively exploited vulnerability on Big Sur and Catalina as well. For the previous three vulnerabilities discovered, patches arrived almost simultaneously for all three versions of macOS.

The lack of patches for these operating systems would therefore currently leave them very vulnerable to attacks that exploit these flaws. According to an estimate by Intego, about 35 to 40% of all Macs in use would be affected by one or both vulnerabilities, and 55 to 60% of all active Macs are likely running macOS Big Sur or earlier. At the moment, Apple has not yet confirmed that it intends to release security updates for these earlier versions of macOS.

Last year, after the release of iOS 15, Apple said it would continue releasing security updates for iOS 14 as well, but after iOS 14.8.1 no more patches came, forcing users to update to the next version. In that case, Apple confirmed that the ability to stay on iOS 14 had always been considered “temporary”. The difference is that all devices that support iOS 14 can be upgraded to iOS 15, whereas not all Macs can be upgraded to macOS Monterey.

