Intego researchers revealed that while Apple has released emergency patches for two actively exploited zero-day code execution flaws in macOS Monterey, iOS and iPadOS, tracked as CVE-2022-22674 and CVE-2022-22675, it has not remediated the same vulnerabilities in Big Sur, Catalina, and older macOS versions, SecurityWeek reports.
Roughly 35% to 40% of all Macs in use could be exposed because the older versions were left unpatched, according to Intego Chief Security Analyst Joshua Long.
"Both of these macOS versions are ostensibly still receiving patches for 'significant vulnerabilities' — and actively exploited zero-day vulnerabilities certainly qualify as significant. Apple has maintained the practice of patching the two previous macOS versions alongside the current macOS version for nearly a decade. But now, Apple has neglected to patch both Big Sur and Catalina to address the latest actively exploited vulnerabilities," Long said.
Long added that Apple has not responded to Intego's repeated attempts to raise the unpatched vulnerabilities with it. "It is also unknown whether or not a patch may come eventually (either because Apple was already planning to, or due to public pressure)," he said.
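For a fleet administrator, the practical question is which machines fall into the unpatched set. The following triage helper is an added example, not code from the article, Intego or SecurityWeek: it classifies a Mac by its `sw_vers -productVersion` string against the patch state described above. It assumes macOS Monterey 12.3.1 is the release that fixed CVE-2022-22674 and CVE-2022-22675 (that build number comes from Apple's advisory, not from the article), that Big Sur (11.x) and Catalina (10.15.x) have no fix, and that anything newer than Monterey carries the fixes forward. The version strings passed on the command line in the usage section are constructed test inputs.

```shell
#!/bin/sh
# Added example: classify macOS versions by patch state for the two zero-days
# discussed in the article. Assumptions (not stated on the page):
#   - Monterey 12.3.1 is the fixed release (Apple's advisory)
#   - Big Sur 11.x and Catalina 10.15.x have no fix available
#   - releases newer than 12.x are assumed to include the fixes

# vercmp A B: prints "lt", "eq" or "gt" comparing dotted version strings
# field by field, numerically, treating missing trailing fields as 0.
vercmp() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, A, "."); nb = split(b, B, ".");
        n = (na > nb) ? na : nb;
        for (i = 1; i <= n; i++) {
            x = (i in A) ? A[i] + 0 : 0;
            y = (i in B) ? B[i] + 0 : 0;
            if (x < y) { print "lt"; exit }
            if (x > y) { print "gt"; exit }
        }
        print "eq"
    }'
}

# patch_status VERSION: prints a one-line verdict for a productVersion string.
patch_status() {
    v=$1
    major=${v%%.*}   # leading component, e.g. 12 for 12.3.1, 10 for 10.15.7
    case "$major" in
        12)
            case "$(vercmp "$v" "12.3.1")" in
                lt) echo "UNPATCHED: Monterey $v, update to 12.3.1 or later" ;;
                *)  echo "PATCHED: Monterey $v" ;;
            esac ;;
        11) echo "UNPATCHED: Big Sur $v, no fix available for CVE-2022-22674/CVE-2022-22675" ;;
        10)
            case "$v" in
                10.15*) echo "UNPATCHED: Catalina $v, no fix available for CVE-2022-22674/CVE-2022-22675" ;;
                *)      echo "UNSUPPORTED: $v, no longer receives security updates" ;;
            esac ;;
        *)
            # Assumption: anything newer than Monterey includes the fixes.
            if [ "$major" -gt 12 ] 2>/dev/null; then
                echo "PATCHED: $v (newer than Monterey, assumed to carry the fixes)"
            else
                echo "UNKNOWN: $v, check Apple's advisories"
            fi ;;
    esac
}

# Usage: pass version strings as arguments (constructed inputs for testing),
# or run with no arguments on a Mac to check the local machine.
if [ "$#" -gt 0 ]; then
    for v in "$@"; do patch_status "$v"; done
elif command -v sw_vers >/dev/null 2>&1; then
    patch_status "$(sw_vers -productVersion)"
fi
```

Run it from an MDM or osquery-driven script across the fleet and sort by the leading token; the UNPATCHED lines for 11.x and 10.15.x are the machines for which, as the article notes, no vendor fix exists and compensating controls (restricting untrusted media and browsing, or upgrading to Monterey where hardware allows) are the only options.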
Critical vulnerabilities left unpatched on older macOS versions