Yesterday Apple released macOS Catalina version 10.15.7, Security Update 2020-005 High Sierra, and Security Update 2020-005 Mojave.

Processing a maliciously crafted image may lead to arbitrary code execution.

Impacted products:

ImageIO

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2020-9961: Xingwei Lin of Ant Group Light-Year Security Lab

Mail

Available for: macOS High Sierra 10.13.6

Impact: A remote attacker may be able to unexpectedly alter application state

Description: This issue was addressed with improved checks.

CVE-2020-9941: Fabian Ising of FH Münster University of Applied Sciences and Damian Poddebniak of FH Münster University of Applied Sciences

Model I/O

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.6

Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2020-9973: Aleksandar Nikolic of Cisco Talos

Sandbox

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.6

Impact: A malicious application may be able to access restricted files

Description: A logic issue was addressed with improved restrictions.

CVE-2020-9968: Adam Chester (@xpn) of TrustedSec

Apple recommends applying this update so that you are protected from attackers.
