Apple announced on Thursday that it has fixed the four vulnerabilities found to affect macOS Catalina, High Sierra and Mojave
«This document describes the security content of macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave", Says the consulting announcement of Apple.
One of the drawbacks of the company is an out-of-bounds reading, identified as CVE-2020-9973, which affects the item Model I / O. The exploitation of the defect involves the processing of a malicious file USD, which could lead to arbitrary code execution or trigger an attack DoS. This vulnerability was reported by her researcher Cisco Talos, Aleksandar Nikolic and affects all its versions MacOS.
The second issue Apple faces is an arbitrary code execution vulnerability, identified as CVE-2020-9961, and affects the item ImageIO. Exploiting the defect involves the use of malicious image files. This vulnerability was reported by the researcher Xingwei Lin by Ant Group Light-Year Security Lab and affects macOS High Sierra and Mojave
The third defect, identified as CVE-2020-9968, affects it sandbox and can be exploited by a malicious application for access in restricted files. The issue was raised by Adam Chester of TrustedSec and affects all versions of macOS.
The fourth issue fixed in macOS was identified as CVE-2020-9941, and affects the item Mail in the operating system High Sierra. The vulnerability could be exploited by a remote intruder to "unexpectedly change application status". The defect was reported by researchers from FH Münster University of Applied Sciences at Germany.