Long said Mac systems running Catalina and Big Sur are thought to account for between 35% and 40% of Apple’s current installed base, although this is an imprecise figure as Apple no longer distinguishes between macOs versions in browser User Agent strings, making it much harder for outsiders to tell them apart. Nearly all vulnerabilities in the Intel Graphics Driver component in recent years have affected all versions of macOS,” he said. “We have high confidence that CVE-2022-22674 likely affects both macOS Big Sur and macOS Catalina. He added that it is likely that both Big Sur and Catalina are vulnerable to CVE-2022-22674, although work to confirm this is currently ongoing.
“The previous three actively exploited vulnerabilities were each patched simultaneously for Monterey, Big Sur, and Catalina.”Īccording to Long, reverse engineering of the patch has shown that macOS 11, aka Big Sur, released on 12 November 2020, is vulnerable to CVE-202-22675, although version 10.15, aka Catalina, released on 7 October 2019, is not because Catalina does not use AppleAVD. “This is the first time since the release of macOS Monterey that Apple has neglected to patch actively exploited vulnerabilities for Big Sur and Catalina,” said Joshua Long, chief security analyst at Intego, a specialist supplier of security services for Apple users. CVE-2020-22674 in the Intel Graphics Driver and CVE-2022-22675 in the AppleAVD video and decoding framework are, variously, an out-of-bounds read issue and an out-of-bounds write issue that if leave the device kernel dangerously exposed to a potential attacker, who – in a worst-case scenario – could take total control of the victim’s device.
0 kommentar(er)
