Older macOS versions reportedly remain insecure after Apple chose only to patch Monterey

Apple
Apple takes a bite out of previous sales (Image credit: Future)

Last week, Apple released an important update for its devices, patching two major security flaws. However, it has now been suggested that not all macOS versions received the fix.

Although macOS Monterey users are now protected from the vulnerabilities with the latest update, those running Big Sur and Catalina remain exposed, a security researcher has claimed.

Speaking to analysts, The Register found that Big Sur users are in a more vulnerable position than those using Catalina. According to chief security analyst for Intego, Joshua Long, Catalina lacks the AppleAVD component for decoding audio and video and is therefore immune to one of the vulnerabilities. The other flaw, however, affects both versions.

So far, Apple has remained quiet on the matter. TechRadar Pro has reached out to the company’s representatives, but did not receive an immediate response.

TechRadar needs you!

We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time. Thank you for taking part.

>> Click here to start the survey in a new window <<

macOS vulnerabilities

macOS Catalina was first released in October 2019, and should hit end-of-life in November this year, while macOS Big Sur hit the virtual shelves a year later, in November 2020, and should be supported until November 2023. 

However, Long says that at least a third of Macs currently being used run on one of the vulnerable operating systems.

The first flaw is an out-of-bounds write vulnerability in the Intel Graphics Driver that allows apps to read kernel memory, while the second is an out-of-bounds read issue in the AppleAVD media decoder, allowing apps to execute arbitrary code with kernel privileges.

Apple says the flaws might have been exploited in the wild, most likely for identity theft, malware distribution, and other malicious activity, so users are urged to update their operating systems to the newest version as soon as possible.

In addition to Apple Macs, all iPhone models from the iPhone 6 onwards are affected, as well as a wide range of iPad and iPod Touch models.

Via The Register

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.