Apple Font Parser Vulnerability Enables Malicious Fonts to Crash or Corrupt Process Memory

Apple Font Parser Vulnerability Enables Malicious Fonts to Crash or Corrupt Process Memory

Posted on By CWS

Apple has rolled out safety updates throughout its working programs to handle a vulnerability within the Font Parser element that would enable malicious fonts to crash functions or corrupt course of reminiscence.

The vulnerability, recognized as CVE-2025-43400, impacts a variety of merchandise, together with the newly launched macOS Tahoe and iOS 26, in addition to older variations.

The vulnerability is an out-of-bounds write problem in FontParser. One of these reminiscence security flaw allows a program to jot down knowledge past the top of an allotted buffer, leading to unpredictable conduct.

An attacker may exploit this by embedding a specifically crafted font in a doc, e-mail, or webpage. When a person interacts with this content material, the susceptible Font Parser element could also be triggered, doubtlessly resulting in app termination or reminiscence corruption.

Apple has addressed the difficulty by implementing improved bounds checking, guaranteeing the software program stays inside its designated reminiscence house when processing font knowledge.

Based on Apple’s advisory launched on September 29, 2025, there are not any identified situations of this vulnerability being exploited within the wild.

It stays unclear whether or not the flaw may very well be leveraged for arbitrary code execution, which might be a extra extreme menace. Nonetheless, the potential for denial-of-service assaults or reminiscence corruption makes it a important problem that must be addressed.

The safety repair impacts a variety of Apple merchandise, underscoring the shared codebase throughout its ecosystem.

Whereas Apple additionally launched updates for watchOS and tvOS, they didn’t embody patches for this vulnerability. Customers are strongly inspired to use the most recent updates to all affected units to mitigate any potential danger.

Apple Safety Patches

ProductPatched VersioniOS & iPadOS26.0.1iOS & iPadOS18.7.1macOS Tahoe26.0.1macOS Sequoia15.7.1macOS Sonoma14.8.1visionOS26.0.1

Observe us on Google Information, LinkedIn, and X for each day cybersecurity updates. Contact us to characteristic your tales.

Cyber Security News Tags:, , , , , , , , , ,

Related Posts

HashiCorp Vault Vulnerability Allow Attackers to Authenticate to Vault Without Valid Credentials HashiCorp Vault Vulnerability Allow Attackers to Authenticate to Vault Without Valid Credentials Cyber Security News
Weaponized ScreenConnect RMM Tool Tricks Users into Downloading Xworm RAT Weaponized ScreenConnect RMM Tool Tricks Users into Downloading Xworm RAT Cyber Security News
Chrome’s Privacy Risks: Fingerprinting and Header Leaks Chrome’s Privacy Risks: Fingerprinting and Header Leaks Cyber Security News
Fake Tax Pages Deliver Malware to Windows Systems Fake Tax Pages Deliver Malware to Windows Systems Cyber Security News
Top 5 Remote-Access And RMM Tools Most Abused By Threat Actors  Top 5 Remote-Access And RMM Tools Most Abused By Threat Actors  Cyber Security News
Attackers Exploiting React2Shell Vulnerability to Attack IT Sectors Attackers Exploiting React2Shell Vulnerability to Attack IT Sectors Cyber Security News