Apple has released a supplemental update for macOS Catalina 10.15.7. The update offers a number of important security fixes, and we’d recommend that you download it from the Mac App Store as soon as possible.
The update closes three dangerous security holes.
According to Apple’s support document on the subject, a vulnerability in FontParser could enable malicious code to be executed on the Mac using specially configured fonts. There are also two security holes in the kernel: one can be used to execute malicious code with administrator rights on the Mac, and the other can be used to read the memory area of the kernel. There are already reports on the internet about malware exploiting these vulnerabilities.
All the holes were discovered by Google Project Zero.
If you update from an older version, you will also be offered the following bug fixes:
- Resolves an issue where macOS would not automatically connect to Wi-Fi networks
- Fixes an issue that could prevent files syncing through iCloud Drive
- Addresses a graphic issue that may occur on iMac (Retina 5K, 27-inch, 2020) with Radeon Pro 5700 XT
For general advice on keeping your device safe, read our Mac security tips.
This article is based on original reporting by Macworld Sweden and Macwelt. Translation by David Price.