HIGHLIGHTS
- Users using macOS Big Sur and Catalina are at danger of being attacked.
- Apple has yet to release any updates on the security patches.
- The public beta release of macOS Monterey 12.4 is now available for testing.
Apple appears to have overlooked macOS Big Sur and macOS Catalina while patching two zero-day vulnerabilities in macOS Monterey 12.3.1 last week. AppleAVD, Apple's audio and video decoding framework, and the Intel graphics driver were discovered to be faulty. Separately, Apple has made the first public beta of macOS Monterey 12.4 available, barely a day after it was made available to developers. However, no specific date for when the next macOS edition would be made accessible to consumers has been announced.
In a blog post, security software manufacturer Intego calculated that by not patching the two known zero-day vulnerabilities, Apple had decided to leave 35–40 percent of all supported Mac Macs susceptible to assaults. The vulnerabilities CVE-2022-22675 and CVE-2022-22674 were addressed for macOS Monterey users in the most recent version, which was published last week.
CVE-2022-22675 is for a fault in the AppleAVD framework that might allow attackers to obtain kernel privileges by leveraging an app to execute arbitrary code, whereas CVE-2022-22674 is for a weakness in the Intel Graphics driver. Apps may be able to read kernel memory with the latter.
When the security updates were released last week, Apple stated on its support page that it was aware of reports that the problems had been "actively exploited" by attackers.
However, the Cupertino behemoth has yet to make the same updates available to users of previous macOS versions.
According to Intego, this is the first time that Apple has failed to fix actively exploited vulnerabilities for macOS Big Sur and macOS Catalina users since the introduction of macOS Monterey.
CVE-2022-22675 is also present in iOS 14 and iPadOS 14, according to Intego, quoting security analyst Mickey Jin. However, because Apple discontinued support for both software versions in January, a considerable number of customers appear to have already upgraded to iOS 15 or iPadOS 15 – depending on the device.
However, computers running macOS Big Sur and Catalina are still eligible for security updates. As a result, it's unclear why Apple didn't issue fixes for those systems this time.
Gadgets 360 has reached out to Apple for comment and will update this post whenever the company answers.
According to Intego, Apple has not replied to its requests for updates to previous macOS versions.
While the newest security patch has yet to be applied to macOS Big Sur and Catalina devices, Apple has published the first public beta of macOS Monterey 12.4 to test its next operating system version. The upgrade comes only a day after developers were given access to the beta edition.
The features that macOS Monterey 12.4 public beta will offer to consumers are yet to be released. However, as noted by MacRumors, the release notes state that the Universal Control in the latest iPadOS 15.5 and macOS Monterey 12.4 upgrades is incompatible with PCs running macOS 12.3 or iPadOS 15.4.
This implies that customers who have updated their Mac Macs to the current beta version must also install the first beta release of iPadOS 15.5 on their iPad in order to enjoy the Universal Control functionality.
Along with iOS 15.5 beta 1, the first developer beta release of iPadOS 15.5 is now available.
Users who have signed up for public beta testing may seek for the macOS Monterey 12.4 release by navigating to System Preferences > Software Update after clicking on the Apple menu button. New users can sign up for the Apple Beta Software Program on the Apple website. It is crucial to note that beta versions are intended solely for testing purposes and are likely to have flaws.