Apple on Thursday released a supplemental update for macOS Catalina 10.15.7, which brings security fixes. The supplemental update arrives a bit more than a month after the release of the macOS Catalina 10.15.7 update.
The macOS Catalina 10.15.7 Supplemental Update can be downloaded for free from the Mac App Store via the Update feature in the System Preferences app on compatible Macs.
Apple’s release notes for the Supplemental Update say it improves the security of macOS and is recommended for all users.
An Apple support document lists the vulnerabilities addressed by the update:
FontParser
Available for: macOS Catalina 10.15.7
Impact: Processing a maliciously crafted font may lead to arbitrary code execution. Apple is aware of reports that an exploit for this issue exists in the wild.
Description: A memory corruption issue was addressed with improved input validation.
CVE-2020-27930: Google Project Zero

Kernel
Available for: macOS Catalina 10.15.7
Impact: A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of reports that an exploit for this issue exists in the wild.
Description: A type confusion issue was addressed with improved state handling.
CVE-2020-27932: Google Project Zero

Kernel
Available for: macOS Catalina 10.15.7
Impact: A malicious application may be able to disclose kernel memory. Apple is aware of reports that an exploit for this issue exists in the wild.
Description: A memory initialization issue was addressed.
CVE-2020-27950: Google Project Zero

This may be the final update for macOS Catalina, as it will soon be replaced by macOS Big Sur, which is in the final stages of beta testing. Big Sur could be released as soon as next week, following Apple’s event.