Apple has issued an emergency patch for all its supported devices. This update brings Apple TV and Homepod to version 13.4.6, Apple Watch 6.2.6, iOS and iPadOS to 13.5.1, and as a supplemental update to Mac OS Catalina 10.15.5 and High Sierra 10.13.6. Interestingly Mojave doesn’t seem to be affected by this, nor due older supported versions of iOS, though those updates could be delayed for some unknown reason.
Apple lists the update as being CVE-2020-9859 and is a vulnerability in the kernel level, which is never a good thing. However the really telling part is that they give the discovery credit to “unc0ver”, which is a jailbreaking tool that can jailbreak iOS devices from iOS 11 to 13.5. Jailbreaking is a function which allows devices to uninstall software from other sources, in this case apps and services outside of Apple’s App Stores. While these can be used for pirated apps, they tend to be commonly used for adding new features, launchers, default apps, etc. that Apple normally won’t authorize. However jailbreaking typically has to work by exploiting security holes found in the system, meaning that someone could use the exploit the unc0ver jailbreak used to install malware onto your iPhone or iPad without your knowing.
Jailbreaking is a legitimate and legal thing to do (at least in the US) on devices that are your own. However, they come with security risks. If you’re not jailbreaking your devices, I would update your Apple devices immediately.