Apple fixes two actively exploited vulnerabilities in macOS 12.3.1 Monterey, but hasn’t released updates for Big Sur or Catalina

macOS Big Sur Feature Triad

With the release of macOS Monterey 12.3.1 on Thursday, March 31, Apple addressed two critical vulnerabilities that could have been actively exploited in the wild, but as intego told this weekApple left macOS Big Sur and macOS Catalina users vulnerable.

macOS Big Sur Feature Triad
macOS Monterey 12.3.1 Update Fixed a couple of security flaws, including an AppleAVD issue that could allow an application with kernel privileges to execute arbitrary code, and an Intel Graphics driver issue that could allow an application to read kernel memory. Apple said it was aware of reports that these vulnerabilities “may be actively exploited,” aka attacks that use these specific security holes.

Apple often provides security updates for macOS Catalina and macOS Big Sur users along with the macOS Monterey update to ensure that Mac users running older operating systems remain safe. Apple hasn’t done so in this case, and there are no security fixes for macOS 11 Big Sur or macOS 10.15 Catalina.

MacOS Big Sur and macOS Catalina are still supported with updates for notable vulnerabilities, so it’s unclear why security fixes haven’t been released. according to this integoThis is the first time that Apple hasn’t released a patch for Big Sur and Catalina at the same time, along with a security update provided for macOS Monterey.

Big Sur remains vulnerable to CVE-2022-22675 (AppleAVD bug), while based on research by CVE-2022-22674 (an Intel graphics driver bug) affects both Big Sur and Catalina. intego,

There are some Mac users who choose to remain on Big Sur or Catalina who can install Monterey to receive security fixes, but other Mac users have older hardware that is not able to update to Monterey, and these users The U.S. has no way of addressing the security flaws that are now emerging.

intego It’s estimated that about 35 percent of Macs in use today may be affected by one or both vulnerabilities, and Apple has not responded to the site’s request for an update on when security fixes for Big Sur and Catalina might emerge. .