Despite the good reputation of Apple’s operating systems, its ecosystem is far from perfect. The security flaws recently discovered in it by cybersecurity researchers at Google Project Zero are proof of this. Once warned of the problem, the Cupertino company reacted quickly, releasing a corrective update for each of its operating systems affected by these flaws.
Apple product owners are encouraged to install the latest update offered for their device, namely macOS 10.15.7, iOS 14.2, iPadOS 14.2, and watchOS 5.3.9 and 6.2.9. Only tvOS is not affected by this security concern.
In view of the threat, Apple has also released a patch for its older products. The 12.4.9 patch is available for the iPhone 5s and 6, the iPad Air, the iPad mini 2 and mini 3, and the 6th-generation iPod touch.
These vulnerabilities are particularly serious, and the researchers at Project Zero have shown that they are being maliciously exploited. CVE-2020-27930 is located in the FontParser library and allows a crafted font to trigger remote execution of malicious code. CVE-2020-27932 also allows malicious code to be executed in the system kernel. The last flaw, CVE-2020-27950, allows kernel memory to be leaked.