One of the vulnerabilities addressed by Apple in its latest set of security patches for macOS is an arbitrary code execution flaw, which could be exploited via malicious USB devices.
Discovered by Trend Micro security researchers and reported to Apple in April this year, the issue resides in fsck_msdos, a system tool designed to check for and fix errors in devices formatted with the FAT filesystem.
The security researchers discovered that because the tool is automatically invoked by macOS when a device using the FAT filesystem (such as a USB disk or an SD card) is inserted, a security bug could allow malicious devices to execute arbitrary code when they are connected to a Mac.
