Apple “has chosen to leave an estimated 35–40% of all supported Macs in danger of actively exploited vulnerabilities,” reports The Mac Security Blog.
Last week Apple patched two “actively exploited” (i.e. in-the-wild, zero-day) security vulnerabilities for macOS with macOS 12.3.1. However, after nearly a week, Apple still hasn’t released corresponding security updates to address the same vulnerabilities in the two previous macOS versions, Big Sur (macOS 11) and Catalina (macOS 10.15).
From The Mac Security Blog: Both of these macOS versions are ostensibly still receiving patches for “significant vulnerabilities”—and actively exploited zero-day vulnerabilities certainly qualify as significant. Apple has maintained the practice of patching the two previous macOS versions alongside the current macOS version for nearly a decade. But now, Apple has neglected to patch both Big Sur and Catalina to address the latest actively exploited vulnerabilities.