Apple recently released macOS Monterey 12.3.1 to all users. The update includes security fixes for two zero-day exploits, along with new features and performance improvements. However, Intego has pointed out that the same security fixes have not been released for macOS Big Sur and macOS Catalina.
Usually, Apple releases security updates for previous macOS versions because some users need more time to upgrade their Macs due to software compatibility, and some older Mac models are not compatible with the latest macOS build.
Apple left 40% of Macs running on macOS Big Sur and Catalina vulnerable to two zero-day exploits
The new macOS Monterey security fixes patched two zero-day vulnerabilities: one that allowed malicious apps to execute arbitrary code with kernel privileges, and a second in the Intel Graphics drivers that could lead to the disclosure of kernel memory.
According to the report, the company has left up to 40% of all supported Macs vulnerable to the aforementioned zero-day exploits.
After nearly a week, Apple still has not released corresponding security updates to address the same vulnerabilities in the two previous macOS versions, Big Sur (aka macOS 11) and Catalina (aka macOS 10.15).
Both of these macOS versions are ostensibly still receiving patches for “significant vulnerabilities”—and actively exploited zero-day vulnerabilities certainly qualify as significant. Apple has maintained the practice of patching the two previous macOS versions alongside the current macOS version for nearly a decade. But now, Apple has neglected to patch both Big Sur and Catalina to address the latest actively exploited vulnerabilities.
The publisher expects Apple to release the security updates for the supported macOS Big Sur and Catalina versions as well, because leaving a large percentage of Macs vulnerable to attacks is a serious problem.