Apple on Monday launched a recent spherical of safety updates that handle a single medium-severity vulnerability affecting each iOS and macOS.
Tracked as CVE-2025-43400, the safety defect is described as an out-of-bounds write difficulty within the working system’s FontParser part that would result in a denial-of-service (DoS) situation or reminiscence corruption.
“Processing a maliciously crafted font might result in surprising app termination or corrupt course of reminiscence,” Apple explains.
In response to advisories from the Hong Kong CERT and Akaoma Cybersecurity, the vulnerability might be exploited remotely, with out privileges, though person interplay is required.
“The flaw may very well be triggered by a malicious font delivered by way of a doc, electronic mail attachment, or net content material, and should result in surprising software termination or reminiscence corruption,” Jamf senior safety technique supervisor Adam Boynton mentioned.
To resolve the bug, the Cupertino-based firm has rolled out updates for the lately launched iOS 26 and macOS 26, but in addition for older variations of its cellular and desktop platforms.
The updates are rolling out as iOS 26.0.1 and iPadOS 26.0.1, macOS Tahoe 26.0.1, iOS 18.7.1 and iPadOS 18.7.1, macOS Sequoia 15.7.1, and macOS Sonoma 14.8.1. The fixes had been additionally included in visionOS 26.0.1.
As SANS Institute’s Johannes Ullrich factors out, Apple usually rolls out minor system updates shortly after releasing main platform iterations, and the recent replace mustn’t come as a shock.Commercial. Scroll to proceed studying.
“It’s typical for Apple to launch a ‘.0.1’ replace quickly after releasing a serious new working system. These updates usually repair varied practical points, however this time, additionally they repair a safety vulnerability,” Ullrich notes.
Apple makes no point out of this vulnerability being exploited within the wild, however customers are suggested to replace their gadgets as quickly as potential. Further info might be discovered on Apple’s safety releases web page.
“As a result of the problem has the potential to trigger service disruptions or undermine system stability, we strongly advocate updating to iOS 26.0.1 at your earliest comfort. Organizations ought to guarantee fleet gadgets are saved present, implement compliance, and monitor for OS replace rollout standing,” Boynton mentioned.
Associated: Apple Rolls Out iOS 26, macOS Tahoe 26 With Patches for Over 50 Vulnerabilities
Associated: Ex-WhatsApp Worker Sues Meta Over Vulnerabilities, Retaliation
Associated: Rethinking Success in Safety: Why Climbing the Company Ladder Isn’t At all times the Purpose
Associated: North Korean Hackers Goal macOS Customers
