Despite issuing an update to address two zero-day vulnerabilities in macOS Monterey, Apple has yet to apply it to the last two macOS versions, reportedly leaving up to 40% of actively used Macs at risk.
Apple addressed the critical bugs in its March 31, 2022 update to macOS Monterey. As yet, however, it has not updated macOS Big Sur and macOS Catalina.
According to The Mac Security Blog, Apple has traditionally supported the current and previous two versions of macOS with security updates.
One of the two actively exploited vulnerabilities still specifically targets Big Sur. Bug CVE-2022-22675, concerns AppleAVD, the framework used for audio and video decoding.
The second bug, CVE-2022-22674, is in the Intel Graphics Driver and still affects both Big Sur and Catalina. The Mac Security Blog estimates that this means 35% to 40% of all active Macs are vulnerable.
Intego, publisher of the blog, says that it has "high confidence that CVE-2022-22674 likely affects both macOS Big Sur and macOS Catalina." It bases this in part on how, it says, "nearly all vulnerabilities in the Intel Graphics Driver" have affected all versions of macOS.
Apple has not yet commented. However, it has released an update to iOS and iPadOS that reportedly patch the AppleAVD bug on iPhones and iPads.
4 Comments
...how many paying customers really want a post Jobs Apple annual 'forced march', along with the inevitable collateral challenges...?
...has a 'bicycle for the mind' become a tether to the wallet...?
Interesting deep dive in the article. Apple said the previous two OSs would get serious vulnerabilities If feasible. There is no indication that Apple will not patch these. Apple hasn’t yet and usually does at the same time as the current OS. Yet the linked article has such hate towards Apple. The linked article does point out that only the current OS gets all the patches. I’m not sure that the affected computers are that high in percentage.
A lot of business run a 'one behind' strategy for macOS and replacement cycles are usually 'when it breaks after the 3 year warranty has expired' thus there are a lot of Intel based machines running macOS 11. I can count about ~1000 in my company.
Wanting a statement of what is supported until when is necessary for vulnerability management and MS providing this is one reason that Windows is still ahead of macOS in large enterprises.
Big Sur 11.6.6 is out with the fixes.