Apple fixed two actively exploited bugs in macOS Monterey last week, but Intego analysts emphasize that the company left users of older supported versions of its OS, namely Big Sur and Catalina, unprotected.
The vulnerabilities in question are CVE-2022-22674 (a problem in the AppleAVD media decoder code) and CVE-2022-22675 (an out-of-bounds issue in the Intel Graphics Driver). Intego expert Joshua Long writes that the AppleAVD issue remains unfixed in macOS Big Sur (Catalina is not affected at all, as it lacks the AppleAVD component). Also, according to him, the vulnerability in the Intel Graphics Driver affects both Big Sur and Catalina, but in both cases the OS was left without patches.
Let me remind you that support for macOS Catalina should end around November 2022, and support for macOS Big Sur should end in November 2023. Apple sets very clear deadlines for the obsolescence of its hardware, but says little about its macOS support policy. Typically, the company maintains the active release of macOS for about a year, and in parallel publishes updates and patches for the previous two releases of the OS. But it looks like something has changed.
At the same time, Apple representatives do not explain why the company suddenly left old versions of macOS without patches, and Long notes that, as a result, approximately 35-40% of Macs currently in use are vulnerable to one or both vulnerabilities.
Long adds that there are dozens of other vulnerabilities in Big Sur and Catalina that are simply not exploited as actively by hackers.