Apple Font Parser Vulnerability Enables Malicious Fonts to Crash or Corrupt Process Memory

Posted on By CWS

Apple has rolled out safety updates throughout its working programs to handle a vulnerability within the Font Parser element that would enable malicious fonts to crash functions or corrupt course of reminiscence.

The vulnerability, recognized as CVE-2025-43400, impacts a variety of merchandise, together with the newly launched macOS Tahoe and iOS 26, in addition to older variations.

The vulnerability is an out-of-bounds write problem in FontParser. One of these reminiscence security flaw allows a program to jot down knowledge past the top of an allotted buffer, leading to unpredictable conduct.

An attacker may exploit this by embedding a specifically crafted font in a doc, e-mail, or webpage. When a person interacts with this content material, the susceptible Font Parser element could also be triggered, doubtlessly resulting in app termination or reminiscence corruption.

Apple has addressed the difficulty by implementing improved bounds checking, guaranteeing the software program stays inside its designated reminiscence house when processing font knowledge.

Based on Apple’s advisory launched on September 29, 2025, there are not any identified situations of this vulnerability being exploited within the wild.

It stays unclear whether or not the flaw may very well be leveraged for arbitrary code execution, which might be a extra extreme menace. Nonetheless, the potential for denial-of-service assaults or reminiscence corruption makes it a important problem that must be addressed.

The safety repair impacts a variety of Apple merchandise, underscoring the shared codebase throughout its ecosystem.

Whereas Apple additionally launched updates for watchOS and tvOS, they didn’t embody patches for this vulnerability. Customers are strongly inspired to use the most recent updates to all affected units to mitigate any potential danger.

Apple Safety Patches

ProductPatched VersioniOS & iPadOS26.0.1iOS & iPadOS18.7.1macOS Tahoe26.0.1macOS Sequoia15.7.1macOS Sonoma14.8.1visionOS26.0.1

Observe us on Google Information, LinkedIn, and X for each day cybersecurity updates. Contact us to characteristic your tales.

Cyber Security News Tags:, , , , , , , , , ,

Related Posts

Scattered Lapsus$ Hunters Registered 40+ Domains Mimicking Zendesk Environments Cyber Security News
Operation Hanoi Thief Attacking IT Professionals with Pseudo-Polyglot Payload to Hide Malware Cyber Security News
New Operation SkyCloak Uses Powershell Tools and Hidden SSH Service to Unblock Traffic Cyber Security News
Hackers Can Bypass OpenAI Guardrails Framework Using a Simple Prompt Injection Technique Cyber Security News
AI Browsers Bypass Content PayWall Mimicking as a Human-User Cyber Security News
Microsoft’s Update Health Tools Configuration Vulnerability Let Attackers Execute Arbitrary Code Remotely Cyber Security News