Apple has alerted users about a bunch of security fixes for its software on supported versions of macOS that you ought to install as soon as you can.
For Safari, there are nine CVE-listed patches in version 13.1.1. Six address malicious code execution (CVE-2020-9802, CVE-2020-9800, CVE-2020-9806, CVE-2020-9807, CVE-2020-9850, CVE-2020-9803) that can be achieved by opening a booby-trapped webpage or similar.
These were found separately by Samuel Groß of Google Project Zero; Brendan Draper working with Trend Micro's ZDI; Wen Xu of SSLab at Georgia Tech in the US; and a trio working together at SSLab. The vulnerabilities are present in the Webkit component of Safari.
The SSLab trio also found CVE-2020-9801 in Safari that can be exploited by malware already running on a Mac to force the browser to open another application. An anonymous researcher found CVE-2020-9805, and Ryan Pickren found CVE-2020-9843, both cross-site scripting holes in the software. Natalie Silvanovich of Google Project Zero found CVE-2019-20503, an information leak in the WebRTC component of Safari.
MacOS Catalina, aka version 10.15.5, meanwhile, features 46 security patches, also available to macOS Mojave (10.14) and High Sierra (10.13) users. Here are the highlights: