Apple maniacs are urged to update their equipment quickly. The Cupertino company has indeed just plugged a whole series of security flaws, including three particularly harmful discovered by Google Project Zero.
These three vulnerabilities (CVE-2020-27930, CVE-2020-27932, CVE-2020-27950) are currently exploited by hackers and affect almost all operating systems. Only tvOS is not affected.
The corrective updates that must be applied are as follows: macOS 10.15.7, iOS 14.2, iPadOS 14.2, watchOS 5.3.9 and 6.2.9. Note that Apple deemed these flaws significant enough to also release an exceptional patch for its old devices via the update 12.4.9 for iPhone 5s and 6, iPad Air, mini 2 and mini 3, iPod Touch 6th generation.
It must be said that these vulnerabilities are particularly dangerous. CVE-2020-27930 is a bug in the FontParser library and allows to forge a font that will execute arbitrary code remotely. CVE-2020-27932 is a flaw that allows the execution of arbitrary code in the system kernel. Finally, CVE-2020-27950 allows kernel memory to be siphoned off.
Source : Apple