Apple Font Parser Vulnerability Enables Malicious Fonts to Crash or Corrupt Process Memory

Posted on By CWS

Apple has rolled out safety updates throughout its working programs to handle a vulnerability within the Font Parser element that would enable malicious fonts to crash functions or corrupt course of reminiscence.

The vulnerability, recognized as CVE-2025-43400, impacts a variety of merchandise, together with the newly launched macOS Tahoe and iOS 26, in addition to older variations.

The vulnerability is an out-of-bounds write problem in FontParser. One of these reminiscence security flaw allows a program to jot down knowledge past the top of an allotted buffer, leading to unpredictable conduct.

An attacker may exploit this by embedding a specifically crafted font in a doc, e-mail, or webpage. When a person interacts with this content material, the susceptible Font Parser element could also be triggered, doubtlessly resulting in app termination or reminiscence corruption.

Apple has addressed the difficulty by implementing improved bounds checking, guaranteeing the software program stays inside its designated reminiscence house when processing font knowledge.

Based on Apple’s advisory launched on September 29, 2025, there are not any identified situations of this vulnerability being exploited within the wild.

It stays unclear whether or not the flaw may very well be leveraged for arbitrary code execution, which might be a extra extreme menace. Nonetheless, the potential for denial-of-service assaults or reminiscence corruption makes it a important problem that must be addressed.

The safety repair impacts a variety of Apple merchandise, underscoring the shared codebase throughout its ecosystem.

Whereas Apple additionally launched updates for watchOS and tvOS, they didn’t embody patches for this vulnerability. Customers are strongly inspired to use the most recent updates to all affected units to mitigate any potential danger.

Apple Safety Patches

ProductPatched VersioniOS & iPadOS26.0.1iOS & iPadOS18.7.1macOS Tahoe26.0.1macOS Sequoia15.7.1macOS Sonoma14.8.1visionOS26.0.1

Observe us on Google Information, LinkedIn, and X for each day cybersecurity updates. Contact us to characteristic your tales.

Cyber Security News Tags:, , , , , , , , , ,

Related Posts

U.S. Secret Service Dismantles 300 SIM Servers and 100,000 SIM Cards Cyber Security News
Multiple vtenext Vulnerabilities Let Attackers Bypass Authentication and Execute Remote Codes Cyber Security News
Apple Fixes 0-Day Vulnerabilities in Older version of iPhones and iPad Cyber Security News
Researchers Uncovered on How Russia Leverages Private Companies, Hacktivist to Strengthen Cyber Capabilities Cyber Security News
Windows Defender Vulnerability Allows Service Hijacking and Disablement via Symbolic Link Attack Cyber Security News
How Microsoft Azure Storage Logs Aid Forensics Following a Security Breach Cyber Security News