Apple hasn’t fixed two zero-days in Big Sur and Catalina after a week

Apple released macOS Monterey 12.3.1 on March 31. In it, the company fixed two zero-days. Both CVE-2022-22675 and CVE-2022-22654 were actively exploited, according to Apple, but no details are known about that abuse. The first vulnerability is in AppleAVD: an out-of-bounds write that made it possible to execute code with kernel privileges. The second vulnerability is slightly less severe. It is a vulnerability in the Intel Graphics driver that makes it possible to read kernel memory.

The vulnerabilities have been fixed in macOS Monterey, but not in older operating systems, security company Intego writes. The company says the vulnerabilities are present in macOS 11 (Big Sur) and macOS 10.15 (Catalina). The first issue, in AppleAVD, remains unpatched only on Big Sur. Catalina was not affected by that vulnerability because that OS does not use that component. The Intel Graphics bug affects both Big Sur and Catalina. An independent security researcher has confirmed that the AppleAVD vulnerability can be exploited on at least Big Sur. According to Intego, the company is still trying to build a proof-of-concept for the other vulnerability, but that is difficult because details about the bug were submitted anonymously to Apple. Intego says it has “high confidence” that CVE-2022-22654 affects both Big Sur and Catalina.

Apple has not yet explained why it has not fixed the bugs. In recent years, the company has come under increasing fire from security researchers who report vulnerabilities that are then not fixed, or not fixed in time.

