Apple Updates iOS and macOS to Prevent Malicious Font Attacks


Apple on Monday released a fresh round of security updates that address a single medium-severity vulnerability affecting both iOS and macOS.

Tracked as CVE-2025-43400, the security defect is described as an out-of-bounds write issue in the operating system’s FontParser component that could lead to a denial-of-service (DoS) condition or memory corruption.

“Processing a maliciously crafted font may lead to unexpected app termination or corrupt process memory,” Apple explains.

According to advisories from the Hong Kong CERT and Akaoma Cybersecurity, the vulnerability can be exploited remotely, without privileges, although user interaction is required.

“The flaw could be triggered by a malicious font delivered via a document, email attachment, or web content, and may lead to unexpected application termination or memory corruption,” Jamf senior security strategy manager Adam Boynton said.

To resolve the bug, the Cupertino-based company has rolled out updates for the recently released iOS 26 and macOS 26, as well as for older versions of its mobile and desktop platforms.

The updates are rolling out as iOS 26.0.1 and iPadOS 26.0.1, macOS Tahoe 26.0.1, iOS 18.7.1 and iPadOS 18.7.1, macOS Sequoia 15.7.1, and macOS Sonoma 14.8.1. The fixes were also included in visionOS 26.0.1.

As SANS Institute’s Johannes Ullrich points out, Apple typically rolls out minor system updates shortly after releasing major platform iterations, and the fresh update should not come as a surprise.


“It is typical for Apple to release a ‘.0.1’ update soon after releasing a major new operating system. These updates typically fix various functional issues, but this time, they also fix a security vulnerability,” Ullrich notes.

Apple makes no mention of this vulnerability being exploited in the wild, but users are advised to update their devices as soon as possible. Additional information can be found on Apple’s security releases page.

“Because the issue has the potential to cause service disruptions or undermine system stability, we strongly recommend updating to iOS 26.0.1 at your earliest convenience. Organizations should ensure fleet devices are kept current, enforce compliance, and monitor for OS update rollout status,” Boynton said.
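The fleet-compliance advice above, as an added example written for this page (not code from Apple, Jamf or the article's author): a POSIX shell script that compares a device's reported OS version against the fixed releases the article lists for CVE-2025-43400 and flags devices that still need the update. The version table is taken from the release list above; the inventory format (device,platform,version), the sample devices and the rule that any major line not in the table is treated as having no fix listed are assumptions, and version strings are assumed to be plain dotted numerics.

```shell
#!/bin/sh
# Added example, not from the article, Apple or Jamf: a fleet compliance check
# for CVE-2025-43400 that compares a device's reported OS version against the
# patched releases listed in the article.
# Assumptions: versions are plain dotted numerics (e.g. 15.7.1), and any major
# line not in the table below is treated as having no fixed release listed.

# vercmp A B: prints -1, 0 or 1 as dotted version A is <, = or > version B.
vercmp() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai="${a%%.*}"; bi="${b%%.*}"
        # Drop the component just consumed; missing components count as 0.
        case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
        case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
        if [ "${ai:-0}" -lt "${bi:-0}" ]; then echo -1; return; fi
        if [ "${ai:-0}" -gt "${bi:-0}" ]; then echo 1; return; fi
    done
    echo 0
}

# patched_for PLATFORM MAJOR: prints the first release on that major line that
# carries the FontParser fix (per the release list in the article), or nothing
# if no fixed release is listed for that line.
patched_for() {
    case "$1/$2" in
        macos/26|ios/26|ipados/26|visionos/26) echo "26.0.1" ;;
        macos/15) echo "15.7.1" ;;
        macos/14) echo "14.8.1" ;;
        ios/18|ipados/18) echo "18.7.1" ;;
        *) echo "" ;;
    esac
}

# is_patched PLATFORM VERSION: exit status 0 if VERSION includes the fix.
is_patched() {
    min=$(patched_for "$1" "${2%%.*}")
    [ -n "$min" ] || return 1
    [ "$(vercmp "$2" "$min")" -ge 0 ]
}

# audit_inventory: reads "device,platform,version" lines on stdin (the shape
# of an MDM export is an assumption) and prints one line per device that
# still needs the update.
audit_inventory() {
    while IFS=, read -r device platform version; do
        [ -n "$device" ] || continue
        if ! is_patched "$platform" "$version"; then
            min=$(patched_for "$platform" "${version%%.*}")
            echo "$device: $platform $version -> needs ${min:-a major line with a fix listed (none for this one)}"
        fi
    done
}

# Constructed sample export (not real devices) so the script runs offline.
SAMPLE='mac-001,macos,15.7.1
mac-002,macos,15.7
mac-003,macos,13.7.8
phone-001,ios,18.7.1
phone-002,ios,26.0
tablet-001,ipados,26.0.1'

printf '%s\n' "$SAMPLE" | audit_inventory

# On a Mac, also check the local system against the macOS table.
if command -v sw_vers >/dev/null 2>&1; then
    local_ver=$(sw_vers -productVersion)
    if is_patched macos "$local_ver"; then
        echo "this Mac ($local_ver): patched"
    else
        echo "this Mac ($local_ver): NOT patched, update required"
    fi
fi
```

Feed a real export by replacing the constructed SAMPLE with `audit_inventory < export.csv`; the script deliberately reports a device on an unlisted major line (13.x above) as non-compliant rather than silently skipping it, since the article lists no fixed release for those lines.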


About Cybernoz

Security researcher and threat analyst with expertise in malware analysis and incident response.