With the public release of macOS Monterey 12.3.1 on March 31, Apple fixed two “actively exploited” security vulnerabilities in the operating system: CVE-2022-22675, a bug in AppleAVD that allows arbitrary code to be run with kernel privileges, and CVE-2022-22674, a bug in the Intel graphics driver.
The same flaws could be present, and still unpatched, in macOS Big Sur and macOS Catalina, older versions that Apple still supports and that are therefore eligible to receive patches for this type of security problem.
As noted by Intego, a blog that covers Mac security, this is the first time since the release of macOS Monterey that Apple has not immediately patched an actively exploited vulnerability on Big Sur and Catalina as well. For the previous three such vulnerabilities, patches had arrived almost simultaneously for all three versions of macOS.
The lack of patches for these operating systems would therefore currently leave them very vulnerable to attacks that exploit these flaws. According to an estimate made by Intego, about 35 to 40% of all Macs in use would be affected by one or both vulnerabilities, and 55 to 60% of all active Macs are likely running macOS Big Sur or earlier. At the moment, Apple has not confirmed whether it intends to release security updates for these earlier versions of macOS.
Last year, after the release of iOS 15, Apple said it would continue to release security updates for iOS 14 as well, but after iOS 14.8.1 no more patches came, forcing users to update to the next version. In that case, Apple confirmed that the ability to stay on iOS 14 had always been considered “temporary”. The difference is that all devices that support iOS 14 can be upgraded to iOS 15, whereas not all Macs can be upgraded to macOS Monterey.