A zero-click security vulnerability in Apple s Mac Mail would allow a cyberattacker to add or modify any arbitrary file inside the sandbox. Mikko Kentt..l.., founder and CEO of SensorFu, discovered the bug (CVE-2020-9922) by sending test messages and following Mail process syscalls. Exploit could lead to unauthorized disclosure of sensitive information to a third party. The bug was patched in Macs Mojave 10.14.6, Mac High Sierra 10.13.6 and Mac Catalina 10.15.5.
Source: https://threatpost.com/apple-mail-zero-click-security-vulnerability/165238/