
Security Update 2020-006 (Mojave and High Sierra)
Apple has released Security Update 2020-006 for macOS 10.14 Mojave and 10.13 High Sierra to patch a trio of security vulnerabilities in the older operating systems (see “Apple Updates Numerous Operating Systems for Exploited Security Vulnerabilities,” 5 November 2020). They address a memory corruption issue that could allow a maliciously crafted font to execute arbitrary code, improve state handling to prevent a malicious application from executing arbitrary code with kernel privileges, and resolve a memory initialization issue that could disclose kernel memory. You can access the updates via Software Update. We haven’t heard of any problems related to these updates, and the vulnerabilities they eliminate are being exploited in the wild, so we recommend updating soon. (Free, various sizes, release notes)
Start the discussion in the TidBITS Discourse forum