Endpoint/Device Security, Security Architecture, Application security, Risk Assessments/Management

Critical vulnerabilities left unpatched on older macOS versions

Intego researchers revealed that while Apple has already released emergency patches to address actively exploited zero-day code execution flaws in macOS Monterey, iPadOS, and iOS, tracked as CVE-2022-22676 and CVE-2022-22674, it has failed to remediate the vulnerabilities in Big Sur, Catalina, and older macOS versions, reports SecurityWeek. Nearly 35% to 40% of all Mac devices could be at risk as a result of the incomplete patch, according to Intego Chief Security Analyst Joshua Long. "Both of these macOS versions are ostensibly still receiving patches for 'significant vulnerabilities' — and actively exploited zero-day vulnerabilities certainly qualify as significant. Apple has maintained the practice of patching the two previous macOS versions alongside the current macOS version for nearly a decade. But now, Apple has neglected to patch both Big Sur and Catalina to address the latest actively exploited vulnerabilities," Long said. Moreover, Long added that Apple has not yet responded to Intego's numerous attempts to communicate regarding the unpatched vulnerabilities. "It is also unknown whether or not a patch may come eventually (either because Apple was already planning to, or due to public pressure)," he said.
