Older macOS versions reportedly remain insecure after Apple chose only to patch Monterey
Although macOS Monterey users are now protected from the vulnerabilities with the latest update, those running Big Sur and Catalina remain exposed, a security researcher has claimed.
Speaking to analysts, The Register found that Big Sur users are in a more vulnerable position than those using Catalina. According to chief security analyst for Intego, Joshua Long, Catalina lacks the AppleAVD component for decoding audio and video and is therefore immune to one of the vulnerabilities. The other flaw, however, affects both versions.
So far, Apple has remained quiet on the matter. TechRadar Pro has reached out to the company’s representatives, but did not receive an immediate response.
We’re looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn’t take more than 60 seconds of your time, and entrants from the UK and US will have the chance to enter a draw for a £100 Amazon gift card (or equivalent in USD). Thank you for taking part.
macOS Catalina was first released in October 2019, and should hit end-of-life in November this year, while macOS Big Sur hit the virtual shelves a year later, in November 2020, and should be supported until November 2023.
However, Long says that at least a third of Macs currently being used run on one of the vulnerable operating systems.
The first flaw is an out-of-bounds write vulnerability in the Intel Graphics Driver that allows apps to read kernel memory, while the second is an out-of-bounds read issue in the AppleAVD media decoder, allowing apps to execute arbitrary code with kernel privileges.
Apple says the flaws might have been exploited in the wild, most likely for identity theft, malware distribution, and other malicious activity, so users are urged to update their operating systems to the newest version as soon as possible.
In addition to Apple Macs, all iPhone models from the iPhone 6 onwards are affected, as well as a wide range of iPad and iPod Touch models.
Via The Register
Go to Source