Apple has patched four vulnerabilities in macOS Catalina, High Sierra, and Mojave.
One of the vulnerabilities (CVE-2020-9973) affects the Model I/O component. Exploitation, which involves the processing of a malicious USD file, could lead to arbitrary code execution or a DoS condition. The vulnerability affects all versions of macOS. The problem was reported by a Cisco Talos researcher, and Apple has fixed it.
Another issue (CVE-2020-9968) that also affects all versions of macOS is a sandbox vulnerability. It can be exploited by a malicious application to access restricted files. Adam Chester of TrustedSec reported his findings to Apple, and the company patched the vulnerability.
The tech giant has also patched a remote arbitrary code execution vulnerability (CVE-2020-9961) that could be exploited using malicious images. The issue, discovered by Xingwei Lin of the Ant Group Light-Year Security Lab, affects the ImageIO component in macOS High Sierra and Mojave.
The fourth issue (CVE-2020-9941) is in the Mail component and affects only macOS High Sierra. Its exploitation allows a remote attacker to "change the state of the application."