Last week, Apple released an important update for its devices, patching two major security flaws. However, it has now been suggested that not all macOS versions received the fix.
Although macOS Monterey users are now protected from the vulnerabilities with the latest update, those running Big Sur and Catalina remain exposed, a security researcher has claimed.
Speaking to analysts, The Register found that Big Sur users are in a more vulnerable position than those using Catalina. According to Joshua Long, chief security analyst for Intego, Catalina lacks the AppleAVD component for decoding audio and video and is therefore immune to one of the vulnerabilities. The other flaw, however, affects both versions.
So far, Apple has remained quiet on the matter. TechRadar Pro has reached out to the company’s representatives, but did not receive an immediate response.
macOS vulnerabilities
macOS Catalina was first released in October 2019, and should hit end-of-life in November this year, while macOS Big Sur hit the virtual shelves a year later, in November 2020, and should be supported until November 2023.
However, Long says that at least a third of Macs currently being used run on one of the vulnerable operating systems.
The first flaw is an out-of-bounds write vulnerability in the Intel Graphics Driver that allows apps to read kernel memory, while the second is an out-of-bounds read issue in the AppleAVD media decoder, allowing apps to execute arbitrary code with kernel privileges.
Apple says the flaws might have been exploited in the wild, most likely for identity theft, malware distribution, and other malicious activity, so users are urged to update their operating systems to the newest version as soon as possible.
In addition to Apple Macs, all iPhone models from the iPhone 6 onwards are affected, as well as a wide range of iPad and iPod Touch models.