Apple Font Parser Vulnerability Enables Malicious Fonts to Crash or Corrupt Process Memory

Posted on By CWS

Apple has rolled out safety updates throughout its working programs to handle a vulnerability within the Font Parser element that would enable malicious fonts to crash functions or corrupt course of reminiscence.

The vulnerability, recognized as CVE-2025-43400, impacts a variety of merchandise, together with the newly launched macOS Tahoe and iOS 26, in addition to older variations.

The vulnerability is an out-of-bounds write problem in FontParser. One of these reminiscence security flaw allows a program to jot down knowledge past the top of an allotted buffer, leading to unpredictable conduct.

An attacker may exploit this by embedding a specifically crafted font in a doc, e-mail, or webpage. When a person interacts with this content material, the susceptible Font Parser element could also be triggered, doubtlessly resulting in app termination or reminiscence corruption.

Apple has addressed the difficulty by implementing improved bounds checking, guaranteeing the software program stays inside its designated reminiscence house when processing font knowledge.

Based on Apple’s advisory launched on September 29, 2025, there are not any identified situations of this vulnerability being exploited within the wild.

It stays unclear whether or not the flaw may very well be leveraged for arbitrary code execution, which might be a extra extreme menace. Nonetheless, the potential for denial-of-service assaults or reminiscence corruption makes it a important problem that must be addressed.

The safety repair impacts a variety of Apple merchandise, underscoring the shared codebase throughout its ecosystem.

Whereas Apple additionally launched updates for watchOS and tvOS, they didn’t embody patches for this vulnerability. Customers are strongly inspired to use the most recent updates to all affected units to mitigate any potential danger.

Apple Safety Patches

ProductPatched VersioniOS & iPadOS26.0.1iOS & iPadOS18.7.1macOS Tahoe26.0.1macOS Sequoia15.7.1macOS Sonoma14.8.1visionOS26.0.1

Observe us on Google Information, LinkedIn, and X for each day cybersecurity updates. Contact us to characteristic your tales.

Cyber Security News Tags:, , , , , , , , , ,

Related Posts

Apache Tomcat and Camel Vulnerabilities Actively Exploited in The Wild Cyber Security News
Hackers Using PUP Advertisements to Silently Drop Windows Malware Cyber Security News
Cloudflare Confirms Data Breach, Hackers Stole Customer Data from Salesforce Instances Cyber Security News
Microsoft November 2025 Patch Tuesday Cyber Security News
Rhadamanthys Infostealer Leveraging ClickFix Technique to Steal Login Credentials Cyber Security News
SetupHijack Tool Exploits Race Conditions and Insecure File Handling in Windows Installer Processes Cyber Security News