Intego researchers revealed that while Apple has already released emergency patches to address actively exploited zero-day code execution flaws in macOS Monterey, iPadOS, and iOS, tracked as CVE-2022-22676 and CVE-22674, it has failed to remediate the vulnerabilities in Big Sur, Catalina, and older macOS versions, reports SecurityWeek.
Nearly 35% to 40% of all Mac devices could be at risk as a result of the incomplete patch, according to Intego Chief Security Analyst Joshua Long.
"Both of these macOS versions are ostensibly still receiving patches for 'significant vulnerabilities' — and actively exploited zero-day vulnerabilities certainly qualify as significant. Apple has maintained the practice of patching the two previous macOS versions alongside the current macOS version for nearly a decade. But now, Apple has neglected to patch both Big Sur and Catalina to address the latest actively exploited vulnerabilities," Long said.
Moreover, Long added that Apple has not yet responded to Intego's numerous attempts to communicate regarding the unpatched vulnerabilities. "It is also unknown whether or not a patch may come eventually (either because Apple was already planning to, or due to public pressure)," he said.