On Thursday, Apple told customers that a total of four bugs have been fixed through MacOS Catalina, High Sierra and Mojave.
CVE-2020-9973, a problem concerning the Model I / O portion, is one of the security holes. Apple believes that exploiting the bug, which requires processing a malicious USD file, could lead to the execution of arbitrary code or a DoS state.
This flaw, reported by a Cisco Talos researcher to Apple, affects all macOS versions and was also patched on iOS and iPadOS earlier this month with the introduction of version 14.
CVE-2020-9968, a sandbox bug that can be abused by a malicious programme to access restricted files, is another flaw that affects all macOS versions and which Apple already fixed in iOS 14 and iPadOS 14 earlier this month. TrustedSec ‘s Adam Chester has been praised with sending it to Apple.
An arbitrary code execution flaw which can be abused using malicious image files has already been patched by the tech giant. The ImageIO component in macOS High Sierra and Mojave is affected by this problem, identified by Xingwei Lin of Ant Group Light-Year Security Lab.
The fourth bug fixed in macOS this week, which only affects High Sierra, affects the Mail portion and will cause a remote intruder to “unexpectedly modify the application state.” Researchers from the FH Münster University of Applied Sciences in Germany found the flaw.
This week, iCloud for Windows was upgraded to version 11.4. The new update solves a flaw in cross-site scripting (XSS).
This week, Apple also released updates to iOS 14, watchOS 7 and tvOS 14, but says no vulnerabilities are addressed.