One week after Apple released macOS Monterey 12.3.1 to address two security vulnerabilities, macOS Big Sur and Catalina remain vulnerable to the exploits. This leaves around 35-50% of supported Macs vulnerable to the security exploits, since Apple still supports the two older versions of macOS.
Apple Neglected to Patch Security Exploits for Macs Still Running Big Sur and Catalina
Apple released macOS Monterey 12.3.1 on March 31, fixing two zero-day exploits in the operating system. One of the exploits allowed malicious apps to run arbitrary code with kernel privileges. The other is in the Intel Graphics component and could allow a malicious app to read kernel memory. Both security issues, according to Apple, may have been actively exploited.
However, Apple has not released corresponding updates for macOS Big Sur or Catalina. As a result, Macs still running these older operating systems remain vulnerable to the known security exploits.
Apple’s Previous Practices When it Comes to Updating macOS
Intego noted that in the past, Apple issued security updates for the two previous versions of macOS at the same time as for Monterey. Apple does this regularly after updating the latest macOS. There are various reasons for this practice. Some users don’t upgrade because their Macs have compatibility issues with the latest OS release. Others are still using Macs that Apple has already discontinued, and these Macs aren’t compatible with the latest version of macOS.
As Intego points out, it’s highly irregular for Apple to neglect Big Sur and Catalina in such security updates.
This is the first time since the release of macOS Monterey that Apple has neglected to patch actively exploited vulnerabilities for Big Sur and Catalina. The previous three actively exploited vulnerabilities were each patched simultaneously for Monterey, Big Sur, and Catalina.
Other Unpatched In-the-Wild Vulnerabilities in Big Sur and Catalina
Intego's report confirmed that macOS Big Sur is indeed still vulnerable to one of the two zero-day exploits, but that macOS Catalina is unaffected by it: Catalina lacks the vulnerable component needed to run code with kernel-level privileges. However, both Big Sur and Catalina could still be vulnerable to the exploit that can read kernel memory. Intego reached out to Apple to confirm this but has not received any response yet.
Beyond the two vulnerabilities mentioned, the report said that macOS Big Sur and Catalina still contain other unpatched vulnerabilities that Apple has not identified as actively exploited. Intego estimated that 55-60% of all actively used Macs are likely still running macOS Big Sur or older. Hence, those Macs remain exposed to unpatched in-the-wild vulnerabilities.
Again, we highly recommend updating macOS as soon as possible. It’s the only way to ensure that your Mac is safe from known vulnerabilities. If your Mac is still running an older version of macOS, always install the latest version with the patches that Apple regularly releases.
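For an administrator who wants to see which Macs are affected by the situation described above, the following POSIX shell script is an added example (not code from the original article or from Intego). It classifies a Mac by the macOS version it reports relative to Monterey 12.3.1, the release that carried the two fixes, and summarizes a small inventory. It assumes `sw_vers -productVersion` prints a dotted version such as 12.3.1, 11.6.5 or 10.15.7; the hostnames and versions in the sample inventory are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original article. Classify a Mac by its reported
# macOS version relative to Monterey 12.3.1 (the release carrying the fixes
# discussed above). Assumes `sw_vers -productVersion` prints "MAJOR.MINOR[.PATCH]".

# classify_mac VERSION -> prints one of:
#   patched          Monterey 12.3.1 or newer
#   monterey-update  Monterey older than 12.3.1; a fix is available, apply it
#   bigsur-nofix     Big Sur (11.x); no fix released at time of writing
#   catalina-nofix   Catalina (10.15.x); no fix released at time of writing
#   eol              older than Catalina; no longer receives security updates
#   unknown          input is not a dotted numeric version
classify_mac() {
  ver="$1"
  case "$ver" in
    ''|*[!0-9.]*) echo unknown; return ;;
  esac
  old_ifs=$IFS
  IFS=.
  set -- $ver            # split on dots into $1 $2 $3 (function-local positional params)
  IFS=$old_ifs
  major=${1:-0}; minor=${2:-0}; patch=${3:-0}

  if [ "$major" -gt 12 ]; then
    echo patched
  elif [ "$major" -eq 12 ]; then
    if [ "$minor" -gt 3 ] || { [ "$minor" -eq 3 ] && [ "$patch" -ge 1 ]; }; then
      echo patched
    else
      echo monterey-update
    fi
  elif [ "$major" -eq 11 ]; then
    echo bigsur-nofix
  elif [ "$major" -eq 10 ] && [ "$minor" -eq 15 ]; then
    echo catalina-nofix
  else
    echo eol
  fi
}

# summarize_inventory: reads "hostname version" lines on stdin and prints a
# count per classification, giving a quick view of fleet exposure.
summarize_inventory() {
  while read -r host ver; do
    [ -z "$host" ] && continue
    printf '%s %s %s\n' "$(classify_mac "$ver")" "$host" "$ver"
  done | awk '{c[$1]++} END {for (k in c) print k, c[k]}' | sort
}

# Constructed sample inventory (hypothetical hostnames and versions).
SAMPLE_INVENTORY='mac-01 12.3.1
mac-02 12.2.1
mac-03 11.6.5
mac-04 10.15.7
mac-05 10.14.6'

# On a real Mac, classify the local machine first; elsewhere this is skipped.
if command -v sw_vers >/dev/null 2>&1; then
  local_ver=$(sw_vers -productVersion)
  echo "this Mac: $local_ver -> $(classify_mac "$local_ver")"
fi

echo "$SAMPLE_INVENTORY" | summarize_inventory
```

On a fleet, the inventory lines would come from whatever management tool collects `sw_vers -productVersion` per host; a Monterey machine classified as monterey-update can install the fix with Software Update, while the bigsur-nofix and catalina-nofix buckets are the machines the article says had no fix available at the time.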
2 thoughts on “Apple Fails to Patch Big Sur and Catalina, Leaves Older Macs Vulnerable to Two Security Exploits”
“This leaves around 35-50% of supported Macs vulnerable to the security exploits, since Apple still supports the two older version of macOS”.
No, Apple does NOT support them. Otherwise, they would have been patched as well. That is NOT acceptable.
Typically, when we say Apple supports a particular Mac or operating system version, we mean the company has not yet declared it EOL. Apple has not declared Big Sur or Catalina EOL yet. Furthermore, as the article points out, previous exploits were patched on all 3 versions simultaneously.
You’re right, though. It’s unacceptable that Apple has not yet provided a fix for these two OSes.