Apple still hasn’t rolled out patches for two zero-day exploits found in macOS to devices running Big Sur and Catalina.
As reported by 9to5Mac, Apple previously released patches for the exploits in macOS Monterey version 12.3.1. However, similar patches were not made available to the older macOS variants, despite that Apple still supports them.
One of the exploits allowed malicious apps to execute arbitrary code with kernel privileges, while the other was an exploit found in the Intel Graphics drivers, which could lead to the disclosure of kernel memory.
Apple typically releases security patches for the current version of macOS and the last two versions of the operating system. Largely, that’s because some users can’t upgrade right away due to software compatibility. People with older Macs may not be able to upgrade to newer versions of macOS if the hardware isn’t supported.
By supported older versions of macOS with security updates, Apple effectively protects users who can’t upgrade to the newest version of macOS right away. However, the company’s failure to push out a patch for these active zero-day exploits is concerning.
Hopefully, those updates come soon, although Intego notes Apple hasn’t given any indication it will provide those updates.