The reported vulnerabilities were originally discovered by cybersecurity firm hired by Dropbox to conduct simulated penetration testing attacks as Red Team on the company’s IT infrastructure. Apple released security updates on March 29 that included the security fixes for the three vulnerabilities. The vulnerabilities were discovered and disclosed to Apple security team in February this year, which were then patched by Apple just over one month later with the release of its March security updates. As shown in a video demonstration, the researchers were able to create a two-stage attack by chaining together all the vulnerabilities to take control of a Mac computer just by.
Source: https://thehackernews.com/2018/11/apple-macos-zeroday.html