Serious security vulnerabilities discovered in some Apple systems, and the company issues an urgent fix




Apple has announced that it discovered serious security vulnerabilities in some of its operating systems, and the company has urgently fixed them in iOS, iPadOS, macOS and watchOS.

The flaws reside in the FontParser component and the kernel, and allow attackers to remotely execute arbitrary code and run malware with kernel-level privileges. The vulnerabilities have been found to be actively exploited, and they affect iPhones, iPads and iPods.

In the security advisory describing the three flaws, the company said that Apple is aware of reports of exploitation of this problem. It provided no additional details, to allow the vast majority of users to install updates.

The list of affected devices includes iPhone 5s and later, iPod touch 6th and 7th generation, iPad Air 2 and later, iPad mini 2 and later, and Apple Watch Series 1 and later versions.

The vulnerabilities also affect other Apple devices and systems, including:

  • Mac devices running macOS Catalina before macOS Catalina 10.15.7.
  • iPads running versions of iPadOS earlier than iOS 14.2.
  • Apple smartwatches with versions of watchOS earlier than watchOS 7.1, watchOS 6.2.9, and watchOS 5.3.9.
  • Apple TV with versions of tvOS earlier than tvOS 14.2.
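The version thresholds in the list above can be turned into a fleet check. The following is an added example, not code from Apple or from this article: the `FIXED` table copies the releases listed here, while the function names, status labels and the inventory are hypothetical and constructed for illustration. It compares each device against the fix for its own release branch, so a watch on 6.2.9 is not flagged merely because it is older than 7.1.

```python
# Added example: fixed releases as listed in the article, keyed by release branch.
FIXED = {
    "macOS":   {(10, 15): (10, 15, 7)},
    "iPadOS":  {(14,): (14, 2)},
    "watchOS": {(5,): (5, 3, 9), (6,): (6, 2, 9), (7,): (7, 1)},
    "tvOS":    {(14,): (14, 2)},
}

def parse(version):
    """'6.2.8' -> (6, 2, 8); raises ValueError on non-numeric components."""
    return tuple(int(part) for part in version.strip().split("."))

def status(platform, version):
    """Classify one device as 'patched', 'vulnerable' or 'no-fix-on-branch'."""
    v = parse(version)
    branches = FIXED[platform]
    for prefix, fix in branches.items():
        if v[:len(prefix)] == prefix:
            # Same branch: pad so that 7.1 and 7.1.0 compare equal.
            width = max(len(v), len(fix))
            pad = lambda t: t + (0,) * (width - len(t))
            return "patched" if pad(v) >= pad(fix) else "vulnerable"
    if v > max(branches.values()):
        return "patched"  # newer branch than any release the article lists
    # Older branch with no fix listed in the article: flag for manual review.
    return "no-fix-on-branch"

def audit(inventory):
    """Return (host, platform, version, status) for every device not patched."""
    findings = []
    for host, platform, version in inventory:
        result = status(platform, version)
        if result != "patched":
            findings.append((host, platform, version, result))
    return findings

# Constructed inventory (hypothetical hostnames), not data from the article.
INVENTORY = [
    ("mac-01", "macOS", "10.15.6"),
    ("mac-02", "macOS", "10.15.7"),
    ("ipad-01", "iPadOS", "13.7"),
    ("watch-01", "watchOS", "6.2.8"),
    ("watch-02", "watchOS", "6.2.9"),
    ("watch-03", "watchOS", "7.0.3"),
    ("tv-01", "tvOS", "14.2"),
]

if __name__ == "__main__":
    for row in audit(INVENTORY):
        print(*row)
```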

One of the vulnerabilities is a remote code execution flaw tracked as CVE-2020-27930, triggered by a memory corruption issue when the FontParser library processes a maliciously crafted font.

The second iOS vulnerability is a kernel memory leak tracked as CVE-2020-27950, resulting from a memory initialization issue that allows malicious applications to gain access to kernel memory.

The third vulnerability, CVE-2020-27932, which has been actively exploited, is a kernel privilege escalation flaw caused by a type confusion issue that allows malicious applications to execute arbitrary code with kernel privileges.

The Google Project Zero bug research team discovered the vulnerabilities and reported them to Apple’s security team.

Shane Huntley, director of the Threat Analysis Group at Google, said that the targeted exploitation of the vulnerabilities is similar to what has been recently reported and has nothing to do with electoral targeting.
