Apple on Thursday announced that it had patched four vulnerabilities affecting macOS Catalina, High Sierra and Mojave.
“This document describes the security content of macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave,” reads the advisory published by Apple.
One of the flaws addressed by Apple is an out-of-bounds read, tracked as CVE-2020-9973, that affects the Model I/O component. Exploitation of the flaw involves the processing of a malicious USD file, which could lead to arbitrary code execution or trigger a DoS condition. This vulnerability was reported by the Cisco Talos researcher Aleksandar Nikolic and affects all versions of macOS.
The second issue addressed by Apple is an arbitrary code execution vulnerability, tracked as CVE-2020-9961, that affects the ImageIO component. Exploitation of the flaw involves the use of malicious image files. This vulnerability was reported by the researcher Xingwei Lin from Ant Group Light-Year Security Lab and affects macOS High Sierra and Mojave.
The third flaw, tracked as CVE-2020-9968, affects the sandbox and can be exploited by a malicious application to access restricted files.
The issue was reported by Adam Chester of TrustedSec and affects all versions of macOS.
The fourth issue fixed in macOS, tracked as CVE-2020-9941, affects the Mail component in the High Sierra OS. The vulnerability can be exploited by a remote attacker to “unexpectedly alter application state.” The flaw was reported by researchers from the FH Münster University of Applied Sciences in Germany.
(SecurityAffairs – hacking, Apple)