CVE-2020-27946: 
macOS vulnerability analysis and mitigation

CVE-2020-27946 is an information disclosure vulnerability discovered in Apple's FontParser component that affects multiple Apple operating systems including iOS 14.3, iPadOS 14.3, macOS Big Sur 11.1, watchOS 7.2, and tvOS 14.3. The vulnerability was discovered by Mateusz Jurczyk of Google Project Zero and was patched in December 2020 through various security updates (Apple Support).

The vulnerability is characterized as an information disclosure issue in the FontParser component that occurs when processing maliciously crafted fonts. The issue was addressed with improved state management. When exploited, the vulnerability could result in the disclosure of process memory. This vulnerability affects the FontParser component across multiple Apple operating systems (Apple Support, Apple Support).

When successfully exploited, the vulnerability allows processing of a maliciously crafted font to result in the disclosure of process memory. This could potentially expose sensitive information stored in the device's memory to unauthorized parties (Apple Support).

Apple addressed this vulnerability by implementing improved state management in the FontParser component. The fix was released in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Users are advised to update their devices to these versions or later to mitigate the vulnerability (Apple Support, Apple Support).