Apple Font Parser Vulnerability Enables Malicious Fonts to Crash or Corrupt Process Memory

Apple Font Parser Vulnerability Enables Malicious Fonts to Crash or Corrupt Process Memory

Posted on By CWS

Apple has rolled out safety updates throughout its working programs to handle a vulnerability within the Font Parser element that would enable malicious fonts to crash functions or corrupt course of reminiscence.

The vulnerability, recognized as CVE-2025-43400, impacts a variety of merchandise, together with the newly launched macOS Tahoe and iOS 26, in addition to older variations.

The vulnerability is an out-of-bounds write problem in FontParser. One of these reminiscence security flaw allows a program to jot down knowledge past the top of an allotted buffer, leading to unpredictable conduct.

An attacker may exploit this by embedding a specifically crafted font in a doc, e-mail, or webpage. When a person interacts with this content material, the susceptible Font Parser element could also be triggered, doubtlessly resulting in app termination or reminiscence corruption.

Apple has addressed the difficulty by implementing improved bounds checking, guaranteeing the software program stays inside its designated reminiscence house when processing font knowledge.

Based on Apple’s advisory launched on September 29, 2025, there are not any identified situations of this vulnerability being exploited within the wild.

It stays unclear whether or not the flaw may very well be leveraged for arbitrary code execution, which might be a extra extreme menace. Nonetheless, the potential for denial-of-service assaults or reminiscence corruption makes it a important problem that must be addressed.

The safety repair impacts a variety of Apple merchandise, underscoring the shared codebase throughout its ecosystem.

Whereas Apple additionally launched updates for watchOS and tvOS, they didn’t embody patches for this vulnerability. Customers are strongly inspired to use the most recent updates to all affected units to mitigate any potential danger.

Apple Safety Patches

ProductPatched VersioniOS & iPadOS26.0.1iOS & iPadOS18.7.1macOS Tahoe26.0.1macOS Sequoia15.7.1macOS Sonoma14.8.1visionOS26.0.1

Observe us on Google Information, LinkedIn, and X for each day cybersecurity updates. Contact us to characteristic your tales.

Cyber Security News Tags:, , , , , , , , , ,

Related Posts

Urgent Updates for Jenkins Plugins Fix Critical Flaws Urgent Updates for Jenkins Plugins Fix Critical Flaws Cyber Security News
Critical Instagram AI Flaw Exposed by Researchers Critical Instagram AI Flaw Exposed by Researchers Cyber Security News
Python-based Malware SolyxImmortal Leverages Discord to Silently Harvest Sensitive Data Python-based Malware SolyxImmortal Leverages Discord to Silently Harvest Sensitive Data Cyber Security News
Breaking Down Silos Aligning IT and Security Teams Breaking Down Silos Aligning IT and Security Teams Cyber Security News
XWiki RCE Vulnerability Actively Exploted In Wild To Deliver Coinminer XWiki RCE Vulnerability Actively Exploted In Wild To Deliver Coinminer Cyber Security News
Iranian Hackers Target Omani Ministries: Data Theft Uncovered Iranian Hackers Target Omani Ministries: Data Theft Uncovered Cyber Security News