Apple Fixed Two Actively Exploited Vulnerabilities in macOS 12.3.1 Monterey, But Hasn't Released Updates for Big Sur or Catalina

by

With the release of macOS Monterey 12.3.1 on Thursday, March 31, Apple addressed two critical vulnerabilities that may have been actively exploited in the wild, but as Intego pointed out this week, Apple left macOS Big Sur and macOS Catalina users vulnerable.

macOS Big Sur Feature Triad
The macOS Monterey 12.3.1 update fixed a pair of security flaws, including an AppleAVD issue that could allow an application to execute arbitrary code with kernel privileges and an Intel Graphics Driver issue that could allow an application to read kernel memory. Apple said that it was aware of reports that these vulnerabilities "may have been actively exploited," aka there are attacks that use these specific security holes.

Apple often provides security updates for macOS Catalina and macOS Big Sur users alongside macOS Monterey updates to make sure that Mac users who continue to run older operating systems remain protected. Apple has not done so in this case, and there are no security fixes for macOS 11 Big Sur or macOS 10.15 Catalina.

macOS Big Sur and macOS Catalina are still being supported with updates for notable vulnerabilities, so it is not clear why security fixes have not been released. According to Intego, this is the first time that Apple has not released simultaneous security patches for Big Sur and Catalina alongside fixes provided for macOS Monterey.

Big Sur remains vulnerable to CVE-2022-22675 (the AppleAVD bug), while CVE-2022-22674 (an Intel Graphics Driver bug) likely impacts both Big Sur and Catalina, based on research conducted by Intego.

There are some Mac users who choose to remain on Big Sur or Catalina who could install Monterey to get security fixes, but other Mac users have older hardware that is not able to be updated to Monterey, and these users have no way to address the security flaws that are now publicized.

Intego estimates that around 35 percent of Macs in use today could be affected by one or both vulnerabilities, and Apple has not responded to the site's request for an update on when security fixes might come out for Big Sur and Catalina.

Related Forums: macOS Catalina, macOS Big Sur

Popular Stories

maxresdefault

Apple Shows Off a Key Reason to Upgrade to the iPhone 17

Saturday February 7, 2026 9:26 am PST by
Apple today shared an ad that shows how the upgraded Center Stage front camera on the latest iPhones improves the process of taking a group selfie. "Watch how the new front facing camera on iPhone 17 Pro takes group selfies that automatically expand and rotate as more people come into frame," says Apple. While the ad is focused on the iPhone 17 Pro and iPhone 17 Pro Max, the regular iPhone...
Read Full Article83 comments
apple wallet drivers license feature iPhone 15 pro

Apple Says These 7 U.S. States Plan to Offer iPhone Driver's Licenses

Monday February 9, 2026 6:24 am PST by
In select U.S. states, residents can add their driver's license or state ID to the Apple Wallet app on the iPhone and Apple Watch, and then use it to display proof of identity or age at select airports and businesses, and in select apps. The feature is currently available in 13 U.S. states and Puerto Rico, and it is expected to launch in at least seven more in the future. To set up the...
Read Full Article112 comments
14 inch MacBook Pro Keyboard

New MacBook Pros Could Now Arrive in March

Sunday February 8, 2026 6:02 am PST by
New MacBook Pro models with the M5 Pro and M5 Max chips could arrive as soon as Monday, March 2, according to Bloomberg's Mark Gurman. In today's "Power On" newsletter, Gurman said that the release of new MacBook Pro models is tied to the release of macOS Tahoe 26.3. The launch is said to be slated for as early as the week of March 2. He added that the M4 Pro and M4 Max models on sale today...
Read Full Article132 comments
Apple Logo Zoomed

Apple Expected to Launch These 10+ Products Over the Coming Months

Tuesday February 10, 2026 6:33 am PST by
It has been a slow start to 2026 for Apple product launches, with only a new AirTag and a special Apple Watch band released so far. We are still waiting for MacBook Pro models with M5 Pro and M5 Max chips, the iPhone 17e, a lower-cost MacBook with an iPhone chip, long-rumored updates to the Apple TV and HomePod mini, and much more. Apple is expected to release/update the following products...
Read Full Article37 comments
wwdc sans text feature

Apple Rumored to Announce New Product on February 19

Thursday February 5, 2026 12:22 pm PST by
Apple plans to announce the iPhone 17e on Thursday, February 19, according to Macwelt, the German equivalent of Macworld. The report, citing industry sources, is available in English on Macworld. Apple announced the iPhone 16e on Wednesday, February 19 last year, so the iPhone 17e would be unveiled exactly one year later if this rumor is accurate. It is quite uncommon for Apple to unveil...
Read Full Article

Top Rated Comments

chucker23n1 Avatar
chucker23n1
50 months ago

According to Intego, this is the first time that Apple has not released simultaneous patches for Big Sur and Catalina alongside a security update provided for macOS Monterey.
It's not.

Big Sur and Catalina did get theirs on the same day with 12.3:



But they didn't with 12.2.1:




So, it's not unprecedented for there to be a gap of a few days.

Attachment Image

Attachment Image
Score: 20 Votes (Like | Disagree)
KaliYoni Avatar
KaliYoni
50 months ago
This is terrible on Apple's part because even Mac users who stay within the last two releases of macOS are, often unknowingly as Intego's research revealed, put at risk. Worse, the lack of any written support timeline makes it impossible to have any kind of rational upgrade plan.

----------
A good discussion about how macOS inconsistencies and opaque updates are hurting users, for anybody interested:

"As far as macOS goes, everyone will tell you that Apple supports the current version for about a year before it’s replaced by a new major release, then provides two years of security updates for it. The strange thing about that is Apple doesn’t seem to have committed that to writing, and I’ve searched long and hard for its official policy on many occasions. This article sets out what Apple has actually done over the last few years, from OS X Mavericks onwards."
https://eclecticlight.co/2021/09/22/how-long-does-apple-support-macos/
Score: 17 Votes (Like | Disagree)
ouimetnick Avatar
ouimetnick
50 months ago
Wish they still actively supported macOS Mojave.. Folks still use that OS for certain things (32 bit apps, dashboard, iTunes, etc)
Score: 17 Votes (Like | Disagree)
Bokito Avatar
Bokito
50 months ago
Apple is more and more pushing users to use the latest OS. That they removed the option to hide the nagging notification of new OS versions with a security update was just the start. Just providing a single patch for iOS 14 after the iOS 15 launch after promising 'it would continue to receive update' was a big FU to users.

I'm using a lot of apps that are too complex to be fully compatible with a new OS on day one, so I'm still running Big Sur. I'm not sure why Apple isn't updating Big Sur and Catalina. They really should communicate about it, but Apple's communication is lacking lately. I don't see why they can't backport the fixes with minimal effort certainly if they're actively exploited.
Score: 15 Votes (Like | Disagree)
sw1tcher Avatar
sw1tcher
50 months ago

Every company has limited engineering resources and Apple is no different.

Ideally, everything is updated at the same time with no bugs. Realistically, Apple needs to focus on the latest OS and most recent devices.
Apple, a nearly $3 trillion company, with limited engineering resources? ?

How is it that a smaller company like Microsoft can offer a much longer support window than Apple? Take a look at Windows 10. It came out on Jul 29, 2015 and Microsoft will be supporting it until Oct 14, 2025 ('https://docs.microsoft.com/en-us/lifecycle/products/windows-10-home-and-pro')

5 years of mainstream support from the release date and 10 years of extended support is pretty darn impressive.
Score: 8 Votes (Like | Disagree)
visualseed Avatar
visualseed
50 months ago
I have a 2012 Mac Mini that is on the beta track for Catalina and just got notified of an update

"macOS Catalina Security Update Developer Beta 2022-004 10.15.7"

So I suspect it's in the pipe for a GM release.
Score: 7 Votes (Like | Disagree)
Read All Comments