Apple has released important security updates to address a critical vulnerability in FontParser—the part of MacOS/iOS/iPadOS that processes fonts.
Identified as CVE-2025-43400, the flaw was discovered internally by Apple and allows an attacker to craft a malicious font that can cause apps to crash or corrupt process memory, potentially leading to arbitrary code execution.
While Apple hasn’t said it’s being actively exploited, similar bugs have been used in jailbreaks and spyware attacks in the past, so it’s smart to patch it promptly.
How to update your devices
How to update your iPhone or iPad
For iOS and iPadOS users, you can check if you’re using the latest software version, go to Settings > General > Software Update. It’s also worth turning on Automatic Updates if you haven’t already. You can do that on the same screen.
How to update macOS on any version
To update macOS on any supported Mac, use the Software Update feature, which Apple designed to work consistently across all recent versions. Here are the steps:
- Click the Apple menu in the upper-left corner of your screen.
- Choose System Settings (or System Preferences on older versions).
- Select General in the sidebar, then click Software Update on the right. On older macOS, just look for Software Update directly.
- Your Mac will check for updates automatically. If updates are available, click Update Now (or Upgrade Now for major new versions) and follow the on-screen instructions. Before you upgrade to macOS Tahoe 26, please read these instructions.
- Enter your administrator password if prompted, then let your Mac finish the update (it might need to restart during this process).
- Make sure your Mac stays plugged in and connected to the internet until the update is done.
How to update Apple Watch
- Ensure your iPhone is paired with your Apple Watch and connected to Wi-Fi.
- Keep your Apple Watch on its charger and close to your iPhone.
- Open the Watch app on your iPhone.
- Tap General > Software Update.
- If an update appears, tap Download and Install.
- Enter your iPhone passcode or Apple ID password if prompted.
Your Apple Watch will automatically restart during the update process. Make sure it remains near your iPhone and on charge until the update completes.
How to update Apple TV
- Turn on your Apple TV and make sure it’s connected to the internet.
- Open the Settings app on Apple TV.
- Navigate to System > Software Updates.
- Select Update Software.
- If an update appears, select Download and Install.
The Apple TV will download the update and restart as needed. Keep your device connected to power and Wi-Fi until the process finishes.
Updates for your particular device
| Name and information link | Available for |
| iOS 26.0.1 and iPadOS 26.0.1 | iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later |
| iOS 18.7.1 and iPadOS 18.7.1 | iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later |
| macOS Tahoe 26.0.1 | macOS Tahoe |
| macOS Sequoia 15.7.1 | macOS Sequoia |
| macOS Sonoma 14.8.1 | macOS Sonoma |
| visionOS 26.0.1 | Apple Vision Pro |
| watchOS 26.0.2 no published CVE entries. | Apple Watch Series 6 and later |
| tvOS 26.0.1 no published CVE entries. | Apple TV HD and Apple TV 4K (all models) |
Technical details
The vulnerability tracked as CVE-2025-43400 was described as an out-of-bounds write issue in FontParser that, when exploited, could cause the processing of a maliciously crafted font to lead to unexpected app termination or corrupt process memory.
An out-of-bounds write vulnerability means that the attacker can manipulate parts of the device’s memory that should be out of their reach. Such a flaw in a program allows it to read or write outside the bounds the program sets, enabling attackers to manipulate other parts of the memory allocated to more critical functions. Attackers can write code to a part of the memory where the system executes it with permissions that the program and user should not have.
Typically, fonts are safe and standardized files used daily in countless apps and websites, but due to this vulnerability an attacker can create a specially crafted font file containing manipulated data that exploits vulnerabilities in the font processing engine of the operating system. When this malicious font is loaded by an app or system process, it can trigger memory corruption or crashes. In worst-case scenarios, this can enable attackers to execute harmful code remotely, gaining control over the device.
Given that fonts are widely used and often processed silently in the background, font vulnerabilities pose a significant risk vector for attackers aiming to compromise devices.
We don’t just report on phone security—we provide it
Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.
