According to the latest report, Apple recently released macOS Monterey 12.3.1, addressing two key vulnerabilities that may be actively exploited, but as Intego pointed out this week, Apple gave macOS Big Sur and macOS Catalina users are left with bugs that have not yet been fixed.
The macOS Monterey 12.3.1 update fixes two security flaws, including an AppleAVD issue that could allow applications to execute arbitrary code with kernel privileges, and an Intel graphics driver issue that could allow applications to read kernel memory. Apple said it had previously reported that the flaws “may have been exploited,” meaning there were attacks that took advantage of these specific security holes.
Apple often provides security updates for macOS Catalina and macOS Big Sur users alongside macOS Monterey updates to ensure Mac users who continue to run older operating systems remain protected. In this case, Apple has no security fixes for macOS 11 Big Sur or macOS 10.15 Catalina this time.
macOS Big Sur and macOS Catalina still need support for bug fixes, so it’s unclear why Apple hasn’t released a security fix. According to Intego, this is the first time Apple has not released a security patch for Big Sur and Catalina alongside a fix for macOS Monterey.
According to Intego research, Big Sur remains vulnerable to CVE-2022-22675 (AppleAVD vulnerability), while CVE-2022-22674 (Intel graphics driver vulnerability) may affect both Big Sur and Catalina.
Some Mac users who continue to use Big Sur or Catalina can install Monterey to get security fixes, but other Mac users with older hardware that cannot update to Monterey have no way of addressing the now-public security holes.
Intego estimates that about 35 percent of Macs in use today could be affected by one or two vulnerabilities, and Apple has yet to respond to when security fixes will be available for Big Sur and Catalina.