Apple has rolled out security updates across its operating systems to address a vulnerability in the Font Parser component that could allow malicious fonts to crash applications or corrupt process memory.
The vulnerability, identified as CVE-2025-43400, affects a wide range of products, including the newly released macOS Tahoe and iOS 26, as well as older versions.
The vulnerability is an out-of-bounds write issue in FontParser. This class of memory safety flaw lets a program write data outside the bounds of an allocated buffer, typically past its end, resulting in unpredictable behavior.
An attacker could exploit this by embedding a specially crafted font in a document, email, or webpage. When a user interacts with this content, the vulnerable Font Parser component may be triggered, potentially leading to app termination or memory corruption.
Apple has addressed the issue by implementing improved bounds checking, ensuring the software stays within its designated memory space when processing font data.
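To make the flaw class and the fix concrete, the following C program is an added example written for this article; it is not Apple's FontParser code, and the table-directory format it parses is a constructed toy layout (a table count followed by tag/offset/length records), not a real font format. It shows the unchecked pattern in which offset and length values copied from the file drive a `memcpy` directly, beside the hardened version that validates every file-supplied value against the real buffer sizes before copying, which is what "improved bounds checking" means in practice.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy font layout for this example (not Apple's FontParser format):
 *   bytes 0-1      : u16 big-endian table count
 *   then per table : char tag[4]; u32 offset; u32 length   (12 bytes each)
 *   table bytes live at font[offset .. offset+length)
 */
#define TABLE_BUF_SIZE 64
#define PAYLOAD_SIZE   128
#define FONT_SIZE      (2 + 12 + PAYLOAD_SIZE)   /* 142 bytes */

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* Vulnerable pattern: offset and length are taken from the file as-is.
 * A length larger than 64 writes past `out` (out-of-bounds write); an
 * offset/length past the end of the file reads outside the font buffer. */
int load_table_unchecked(const uint8_t *font, const char tag[4],
                         uint8_t out[TABLE_BUF_SIZE]) {
    uint16_t n = rd16(font);
    for (uint16_t i = 0; i < n; i++) {
        const uint8_t *rec = font + 2 + (size_t)i * 12;
        if (memcmp(rec, tag, 4) != 0) continue;
        uint32_t off = rd32(rec + 4), len = rd32(rec + 8);
        memcpy(out, font + off, len);            /* no bounds check at all */
        return (int)len;
    }
    return -1;                                   /* table not present */
}

/* Hardened pattern: every file-supplied value is validated against the real
 * buffer sizes before it drives a copy. Returns the table length, or
 * -1 (not found / truncated directory), -2 (range outside the file),
 * -3 (too large for the destination buffer). */
int load_table_checked(const uint8_t *font, size_t font_len, const char tag[4],
                       uint8_t out[TABLE_BUF_SIZE]) {
    if (font_len < 2) return -1;
    uint16_t n = rd16(font);
    if ((size_t)n * 12 > font_len - 2) return -1;   /* directory must fit in the file */
    for (uint16_t i = 0; i < n; i++) {
        const uint8_t *rec = font + 2 + (size_t)i * 12;
        if (memcmp(rec, tag, 4) != 0) continue;
        uint32_t off = rd32(rec + 4), len = rd32(rec + 8);
        /* Subtraction form on purpose: a naive `off + len <= font_len` test can
         * be passed by a length that makes the 32-bit sum wrap around. */
        if (off > font_len || len > font_len - off) return -2;
        if (len > TABLE_BUF_SIZE) return -3;
        memcpy(out, font + off, len);
        return (int)len;
    }
    return -1;
}

/* Builds a constructed font with one "head" table whose directory entry
 * claims `declared_len` bytes, regardless of the 128 bytes actually present. */
size_t build_font(uint8_t font[FONT_SIZE], uint32_t declared_len) {
    font[0] = 0; font[1] = 1;                    /* one table */
    memcpy(font + 2, "head", 4);
    wr32(font + 6, 14);                          /* offset: just after the directory */
    wr32(font + 10, declared_len);
    for (int i = 0; i < PAYLOAD_SIZE; i++) font[14 + i] = (uint8_t)i;
    return FONT_SIZE;
}

/* Parse a constructed font with the hardened loader and return its verdict. */
int run_checked(uint32_t declared_len, const char tag[4]) {
    uint8_t font[FONT_SIZE], out[TABLE_BUF_SIZE];
    size_t n = build_font(font, declared_len);
    return load_table_checked(font, n, tag, out);
}

/* Same with the unchecked loader; only safe to call with a truthful length,
 * since a declared length above 64 would write past `out`. */
int run_unchecked(uint32_t declared_len) {
    uint8_t font[FONT_SIZE], out[TABLE_BUF_SIZE];
    build_font(font, declared_len);
    return load_table_unchecked(font, "head", out);
}

int main(void) {
    printf("honest length 16        -> %d\n", run_checked(16, "head"));           /* 16 */
    printf("128 > 64-byte buffer    -> %d\n", run_checked(128, "head"));          /* -3 */
    printf("length wraps 32-bit sum -> %d\n", run_checked(0xFFFFFFFFu, "head"));  /* -2 */
    printf("missing table           -> %d\n", run_checked(16, "glyf"));           /* -1 */
    printf("unchecked, honest input -> %d\n", run_unchecked(16));                 /* 16 */
    return 0;
}
```

The hardened loader rejects a length that exceeds the destination buffer even when it fits inside the file, and uses `len > font_len - off` rather than `off + len <= font_len` so that a length of 0xFFFFFFFF cannot slip past the check by wrapping the sum. The same two checks, applied to every offset and count read from the file, are the substance of a bounds-checking fix in a real parser.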
According to Apple’s advisory released on September 29, 2025, there are no known instances of this vulnerability being exploited in the wild.
It remains unclear whether the flaw could be leveraged for arbitrary code execution, which would be a more severe threat. However, the potential for denial-of-service attacks or memory corruption makes it a critical issue that needs to be addressed.
The security fix affects a wide range of Apple products, underscoring the shared codebase across its ecosystem.
While Apple also released updates for watchOS and tvOS, they did not include patches for this vulnerability. Users are strongly encouraged to apply the latest updates to all affected devices to mitigate any potential risk.
Apple Security Patches
| Product | Patched Version |
|---|---|
| iOS & iPadOS | 26.0.1 |
| iOS & iPadOS | 18.7.1 |
| macOS Tahoe | 26.0.1 |
| macOS Sequoia | 15.7.1 |
| macOS Sonoma | 14.8.1 |
| visionOS | 26.0.1 |