Apple last week patched two actively exploited vulnerabilities in macOS Monterey yet has left users of older supported versions of its desktop operating system unprotected.
According to a new report from Intego’s The Mac Security Blog, fixes applied to address CVE-2022-22675 (AppleAVD bug) and CVE-2022-22674 (Intel Graphics Driver bug) in macOS Monterey were not backported to macOS Big Sur or macOS Catalina, Joshua Long, Chief Security Analyst at Intego, explained in an email to iPhone in Canada.
The AppleAVD issue is unpatched for macOS Big Sur, Long said, while Catalina isn’t affected because it lacks the AppleAVD component for decoding audio and video. The Intel Graphics Driver flaw, he said, looks like it affects both Big Sur and Catalina.
“This is the first time since the release of macOS Monterey that Apple has neglected to patch actively exploited vulnerabilities for Big Sur and Catalina,” said Long. “The previous three actively exploited vulnerabilities were each patched simultaneously for Monterey, Big Sur, and Catalina.”
However, both Big Sur and Catalina could still be vulnerable to the exploit that can read kernel memory. Intego reached out to Apple to confirm this but has not received any response yet.
Aside from these two vulnerabilities, the report said, other vulnerabilities that Apple has not identified as actively exploited remain in macOS Big Sur and Catalina. Intego estimated that 55-60 percent of all actively used Macs are likely still running macOS Big Sur or older. Hence, those Macs are still exposed to unpatched vulnerabilities that are being exploited in the wild.