Apple Fixed Two Actively Exploited Vulnerabilities in macOS 12.3.1 Monterey, But Hasn't Released Updates for Big Sur or Catalina

With the release of macOS Monterey 12.3.1 on Thursday, March 31, Apple addressed two critical vulnerabilities that may have been actively exploited in the wild, but as Intego pointed out this week, Apple left macOS Big Sur and macOS Catalina users vulnerable.

macOS Big Sur Feature Triad
The macOS Monterey 12.3.1 update fixed a pair of security flaws, including an AppleAVD issue that could allow an application to execute arbitrary code with kernel privileges and an Intel Graphics Driver issue that could allow an application to read kernel memory. Apple said that it was aware of reports that these vulnerabilities "may have been actively exploited," aka there are attacks that use these specific security holes.

Apple often provides security updates for macOS Catalina and macOS Big Sur users alongside macOS Monterey updates to make sure that Mac users who continue to run older operating systems remain protected. Apple has not done so in this case, and there are no security fixes for macOS 11 Big Sur or macOS 10.15 Catalina.

macOS Big Sur and macOS Catalina are still being supported with updates for notable vulnerabilities, so it is not clear why security fixes have not been released. According to Intego, this is the first time that Apple has not released simultaneous security patches for Big Sur and Catalina alongside fixes provided for macOS Monterey.

Big Sur remains vulnerable to CVE-2022-22675 (the AppleAVD bug), while CVE-2022-22674 (an Intel Graphics Driver bug) likely impacts both Big Sur and Catalina, based on research conducted by Intego.

There are some Mac users who choose to remain on Big Sur or Catalina who could install Monterey to get security fixes, but other Mac users have older hardware that is not able to be updated to Monterey, and these users have no way to address the security flaws that are now publicized.

Intego estimates that around 35 percent of Macs in use today could be affected by one or both vulnerabilities, and Apple has not responded to the site's request for an update on when security fixes might come out for Big Sur and Catalina.

Related Forums: macOS Catalina, macOS Big Sur

Top Rated Comments

chucker23n1 Avatar
25 months ago

According to Intego, this is the first time that Apple has not released simultaneous patches for Big Sur and Catalina alongside a security update provided for macOS Monterey.
It's not.

Big Sur and Catalina did get theirs on the same day with 12.3:



But they didn't with 12.2.1:




So, it's not unprecedented for there to be a gap of a few days.

Attachment Image

Attachment Image
Score: 20 Votes (Like | Disagree)
KaliYoni Avatar
25 months ago
This is terrible on Apple's part because even Mac users who stay within the last two releases of macOS are, often unknowingly as Intego's research revealed, put at risk. Worse, the lack of any written support timeline makes it impossible to have any kind of rational upgrade plan.

----------
A good discussion about how macOS inconsistencies and opaque updates are hurting users, for anybody interested:

"As far as macOS goes, everyone will tell you that Apple supports the current version for about a year before it’s replaced by a new major release, then provides two years of security updates for it. The strange thing about that is Apple doesn’t seem to have committed that to writing, and I’ve searched long and hard for its official policy on many occasions. This article sets out what Apple has actually done over the last few years, from OS X Mavericks onwards."
https://eclecticlight.co/2021/09/22/how-long-does-apple-support-macos/
Score: 17 Votes (Like | Disagree)
ouimetnick Avatar
25 months ago
Wish they still actively supported macOS Mojave.. Folks still use that OS for certain things (32 bit apps, dashboard, iTunes, etc)
Score: 17 Votes (Like | Disagree)
Bokito Avatar
25 months ago
Apple is more and more pushing users to use the latest OS. That they removed the option to hide the nagging notification of new OS versions with a security update was just the start. Just providing a single patch for iOS 14 after the iOS 15 launch after promising 'it would continue to receive update' was a big FU to users.

I'm using a lot of apps that are too complex to be fully compatible with a new OS on day one, so I'm still running Big Sur. I'm not sure why Apple isn't updating Big Sur and Catalina. They really should communicate about it, but Apple's communication is lacking lately. I don't see why they can't backport the fixes with minimal effort certainly if they're actively exploited.
Score: 15 Votes (Like | Disagree)
sw1tcher Avatar
25 months ago

Every company has limited engineering resources and Apple is no different.

Ideally, everything is updated at the same time with no bugs. Realistically, Apple needs to focus on the latest OS and most recent devices.
Apple, a nearly $3 trillion company, with limited engineering resources? ?

How is it that a smaller company like Microsoft can offer a much longer support window than Apple? Take a look at Windows 10. It came out on Jul 29, 2015 and Microsoft will be supporting it until Oct 14, 2025 ('https://docs.microsoft.com/en-us/lifecycle/products/windows-10-home-and-pro')

5 years of mainstream support from the release date and 10 years of extended support is pretty darn impressive.
Score: 8 Votes (Like | Disagree)
visualseed Avatar
25 months ago
I have a 2012 Mac Mini that is on the beta track for Catalina and just got notified of an update

"macOS Catalina Security Update Developer Beta 2022-004 10.15.7"

So I suspect it's in the pipe for a GM release.
Score: 7 Votes (Like | Disagree)

Popular Stories

General Apps Messages

Apple Announces 'Groundbreaking' New Security Protocol for iMessage

Wednesday February 21, 2024 6:00 am PST by
Apple today announced a new post-quantum cryptographic protocol for iMessage called PQ3. Apple says this "groundbreaking" and "state-of-the-art" protocol provides "extensive defenses against even highly sophisticated quantum attacks." Apple believes the PQ3 protocol's protections "surpass those in all other widely deployed messaging apps," according to its blog post:Today we are announcing...
iOS 17

iOS 17.4 Will Add These New Features to Your iPhone

Monday February 19, 2024 6:52 am PST by
Apple last month confirmed that iOS 17.4 will be released in March, and the update includes several new features and changes for the iPhone. Key new features in iOS 17.4 include major App Store changes in the EU and Apple Podcasts transcripts. The update also adds new emoji and includes preparations for the launch of next-generation CarPlay later this year. More details about the new...
samsung galaxy ring

'Apple Ring' Allegedly in Development to Rival Samsung Galaxy Ring

Tuesday February 20, 2024 2:27 am PST by
Apple is speeding up development of a smart ring that can be worn on the finger to track users' health biometrics, claims a new report coming out of Korea. Teaser image of Samsung Galaxy Ring shown at Galaxy Unpacked in January Apple has toyed with the idea of a ring wearable for several years, as indicated by several patents, but with Samsung preparing to bring its own product to market, the ...
volvo s60 drivers apple maps

iOS 17.4 Beta Adds CarPlay Option to Show Upcoming Maneuvers in Instrument Cluster

Tuesday February 20, 2024 10:47 am PST by
The fourth beta of iOS 17.4 that Apple released today adds a new CarPlay feature, according to the notes that Apple provided to developers. In supported CarPlay vehicles, there's now an Apple Maps option to show information about upcoming maneuvers in the instrument cluster. CarPlay users will be able to swap the display type between the main and instrument cluster by tapping on the map...
m3 macbook pro 14 16

Apple Now Selling Refurbished M3 Pro and M3 Max MacBook Pro Models

Monday February 19, 2024 5:04 pm PST by
Apple today began offering refurbished versions of the 14-inch and 16-inch MacBook Pro models with M3 Pro and M3 Max chip options, offering the machines at a discount for the first time since their October 2023 release. The release of M3 Pro and M3 Max models on Apple's refurbished store comes almost two weeks after the entry-level 14-inch M3 MacBook Pro first appeared on the store....
iPad Pro OLED Feature 2

Apple's Upcoming OLED iPad Pro Models Rumored to Be Much Thinner

Tuesday February 20, 2024 1:39 pm PST by
Apple is planning to update the iPad Air and iPad Pro lineups as soon as March, and the new iPad Pro models will be significantly thinner according to dimensions shared by 9to5Mac. Citing sources with knowledge of Apple's plans, the site claims that the larger version will be more than 1mm thinner. The current 12.9-inch iPad Pro measures in at 6.4mm thick, but the new model is said to be 5mm ...
apple wallet drivers license feature

Apple Said iPhone Driver's Licenses Will Expand to These 8 U.S. States

Monday February 12, 2024 7:51 am PST by
In 2021, Apple introduced a feature that lets residents of participating U.S. states add their driver's license or ID to the Wallet app on the iPhone and Apple Watch, providing a convenient and contactless way to display proof of identity or age. Unfortunately, states have been slow to adopt the feature since it was first announced in September 2021, with IDs in the Wallet app only available ...