Articles Apple leaves critical bugs unpatched in macOS Big Sur...

Apple leaves critical bugs unpatched in macOS Big Sur and Catalina


Apple patched two actively exploited vulnerabilities in macOS Monterey last week , but Intego analysts emphasize that the company left users of older supported versions of its OS, i.e. Big Sur and Catalina, unprotected.

We are talking about vulnerabilities CVE-2022-22674 (a problem in the AppleAVD media decoder code) and CVE-2022-22675 (out-of-bounds entry in the Intel Graphics Driver).

Intego expert Joshua Long writes that the AppleAVD issue remains unfixed in macOS Big Sur (Catalina is not affected at all as it lacks the AppleAVD component). Also, according to him, the vulnerability in the Intel Graphics Driver affects both Big Sur and Catalina, but in both cases, the OS was left without patches.

Let me remind you that support for macOS Catalina should end around November 2022, and macOS Big Sur should end in November 2023. But Apple has very clear deadlines for the obsolescence of its hardware, and says little about macOS support policies. Typically, the company maintains an active release of macOS for about a year, and in parallel publishes updates and patches for the previous two releases of the OS. But it looks like something has changed.

“This is the first time since the release of macOS Monterey that Apple has neglected to patch actively exploited vulnerabilities in Big Sur and Catalina,” says Long. “The previous three actively exploited vulnerabilities were addressed simultaneously for Monterey, Big Sur and Catalina.”

At the same time, Apple representatives do not explain why the company suddenly left old versions of macOS without patches, and Long notes that as a result, approximately 35-40% of Macs currently in use are vulnerable to one or both errors.

Long adds that there are dozens of other vulnerabilities in Big Sur and Catalina that are simply not exploited as actively by hackers.

“Apple has an unfortunate history of deliberately leaving “supported” versions of macOS unprotected from some actively exploited issues. Such situations, when the vendor simply decides not to release patches, are sometimes called “eternal 0-day vulnerabilities,” the expert sums up.

Must read

28 dangerous extensions detected for Google Chrome and Microsoft Edge

Avast experts have discovered malware hidden in at least 28 third-party...

Critical Infrastructure Warning! Millions of PLCs, switches, IoT devices are under threat

Eleven vulnerabilities, combined under the name Urgent / 11,...

Why Is It Important To Have Intrusion Detection And Prevention ?

This article describes why detection and prevention of burglaries...

The risk is real: attacks on OT infrastructure

Previously, many believed that attacks on an isolated OT...

Gitpaste-12: Linux bot armed with a dozen exploits

Researchers at Juniper Networks have discovered a Linux scripting...

Saferwall : Open Source Malware Analysis

Saferwall is an open source malware analysis platform. It...

Network Vulnerability Assessment ? Why Should Every Company Do it at least once a Year !

Network vulnerability assessment analyzes a variety of network issues,...

Artificial Intelligence and Cyber Security

As artificial intelligence intrudes into the world of cybersecurity,...

You might also likeRELATED
Recommended to you