Yesterday Apple released an update for macOS Catalina version 10.15.7, along with Security Update 2020-005 High Sierra and Security Update 2020-005 Mojave.
Processing a maliciously crafted image may lead to arbitrary code execution.
Impacted products:
ImageIO
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2020-9961: Xingwei Lin of Ant Group Light-Year Security Lab
Available for: macOS High Sierra 10.13.6
Impact: A remote attacker may be able to unexpectedly alter application state
Description: This issue was addressed with improved checks.
CVE-2020-9941: Fabian Ising of FH Münster University of Applied Sciences and Damian Poddebniak of FH Münster University of Applied Sciences
Model I/O
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.6
Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2020-9973: Aleksandar Nikolic of Cisco Talos
Sandbox
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.6
Impact: A malicious application may be able to access restricted files
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9968: Adam Chester (@xpn) of TrustedSec
Apple recommends applying this update so that you are protected from attackers.