Apple Neglects to Patch Two Zero-Day, Wild Vulnerabilities for macOS Big Sur, Catalina

Update: After 6.5 weeks, and significant public pressure resulting from this article, Apple finally released patches for macOS Big Sur and macOS Catalina on May 16 that address these actively exploited vulnerabilities.

Apple has chosen to leave an estimated 35–40% of all supported Macs in danger of actively exploited vulnerabilities.

Last week, on March 31, Apple patched two “actively exploited” (i.e. in-the-wild, zero-day) security vulnerabilities for macOS Monterey.

After nearly a week, Apple still has not released corresponding security updates to address the same vulnerabilities in the two previous macOS versions, Big Sur (aka macOS 11) and Catalina (aka macOS 10.15).

Both of these macOS versions are ostensibly still receiving patches for “significant vulnerabilities”, and actively exploited zero-day vulnerabilities certainly qualify as significant.

Apple has maintained the practice of patching the two previous macOS versions alongside the current macOS version for nearly a decade. But now, Apple has neglected to patch both Big Sur and Catalina to address the latest actively exploited vulnerabilities.

Let’s break down what the problem is, and what Apple needs to do to remedy this serious issue.

- Which Apple operating systems remain vulnerable?
- Other vulnerabilities in Big Sur and Catalina
- How many Macs are affected by the new vulnerabilities?
- Has anything like this ever happened before?

Which Apple operating systems remain vulnerable?

Apple’s macOS Monterey 12.3.1 update, released last week, included fixes for two actively exploited vulnerabilities: CVE-2022-22675 (a bug in AppleAVD) and CVE-2022-22674 (a bug in Intel Graphics Driver). The former remains unpatched for macOS Big Sur, and the latter appears to affect both Big Sur and Catalina.

This is the first time since the release of macOS Monterey that Apple has neglected to patch actively exploited vulnerabilities for Big Sur and Catalina. The previous three actively exploited vulnerabilities were each patched simultaneously for Monterey, Big Sur, and Catalina.

List of all macOS Monterey-era vulnerabilities that Apple has identified as actively exploited (i.e. zero-day vulnerabilities used in in-the-wild attacks). Until now, Apple had patched them simultaneously for all three supported macOS versions.

Intego has confirmed that macOS Big Sur remains vulnerable to CVE-2022-22675, an actively exploited vulnerability in the AppleAVD component.

Last week, Mickey Jin, one of the top reporters of OS vulnerabilities to Apple, reverse engineered Apple’s patch for macOS Monterey. He then verified that macOS Big Sur does indeed still contain the same vulnerability. Jin observed that M1-based Macs running macOS Big Sur remain vulnerable to CVE-2022-22675.

We have inquired of Apple several times about this over the past week. Apple has not responded to any of our questions. It remains a mystery why Apple seems to have deliberately left macOS Big Sur susceptible to this actively exploited vulnerability. It is also unknown whether or not a patch may come eventually (either because Apple was already planning to, or due to public pressure).

Meanwhile, macOS Catalina does not contain the vulnerable component, AppleAVD, so Catalina is unaffected by CVE-2022-22675 specifically.

Incidentally, according to Jin, it appears that iOS 14 and iPadOS 14 are also vulnerable to CVE-2022-22675. However, Apple officially (albeit quietly, and without warning) stopped supporting iOS and iPadOS 14 in January 2022, so it is no surprise that users must upgrade to the latest version of iOS 15 or iPadOS 15 to continue getting security updates. Last week’s iOS and iPadOS 15.4.1 updates, which are compatible with all devices running iOS or iPadOS 14, provide a fix for CVE-2022-22675.

By contrast, macOS Monterey and macOS Big Sur each dropped support for certain Mac hardware, so some Mac users cannot upgrade beyond Catalina or Big Sur to receive security updates that are currently only offered in Monterey.

It is highly likely that macOS Big Sur and macOS Catalina are both vulnerable to CVE-2022-22674, the other actively exploited vulnerability that was fixed for only macOS Monterey last week.