Apple Updates iOS and macOS to Prevent Malicious Font Attacks
Briefly

"Tracked as CVE-2025-43400, the security defect is described as an out-of-bounds write issue in the operating system's FontParser component that could lead to a denial-of-service (DoS) condition or memory corruption. 'Processing a maliciously crafted font may lead to unexpected app termination or corrupt process memory,' Apple explains. According to advisories from the Hong Kong CERT and Akaoma Cybersecurity, the vulnerability can be exploited remotely, without privileges, although user interaction is required."
"'The flaw could be triggered by a malicious font delivered via a document, email attachment, or web content, and may lead to unexpected application termination or memory corruption,' Jamf senior security strategy manager Adam Boynton said. To resolve the bug, the Cupertino-based company has rolled out updates for the recently released iOS 26 and macOS 26, but also for older versions of its mobile and desktop platforms. The updates are rolling out as iOS 26.0.1 and iPadOS 26.0.1, macOS Tahoe 26.0.1, iOS 18.7.1 and iPadOS 18.7.1, macOS Sequoia 15.7.1, and macOS Sonoma 14.8.1. The fixes were also included in visionOS 26.0.1."
An out-of-bounds write vulnerability in the operating system's FontParser component (CVE-2025-43400) can cause denial-of-service or memory corruption. The flaw can be exploited remotely without privileges but requires user interaction, for example through a malicious font delivered in a document, email attachment, or web content. Apple released security updates across multiple platforms and versions: iOS 26.0.1, iPadOS 26.0.1, macOS Tahoe 26.0.1, iOS 18.7.1, iPadOS 18.7.1, macOS Sequoia 15.7.1, macOS Sonoma 14.8.1, and visionOS 26.0.1. No in-the-wild exploitation has been reported; users should update promptly.
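A fleet-side check that turns the version list above into a yes/no answer, added here as an example; it is not part of the SecurityWeek article or of any Apple tooling. The only facts it carries are the three minimum fixed macOS versions named above (26.0.1, 15.7.1, 14.8.1); the function names vercmp, min_fixed_for_major and macos_patched are my own, and the sw_vers call is the standard macOS command for reading the product version.

```shell
#!/bin/sh
# Added example (not from the SecurityWeek article): classify a macOS version
# string against the release Apple shipped for CVE-2025-43400.
# Minimum fixed versions per branch are taken from the article text.

# vercmp A B: compare two dotted version strings numerically, field by field.
# Prints -1 (A < B), 0 (equal) or 1 (A > B). Missing fields count as 0,
# so "15.7" compares below "15.7.1".
vercmp() {
  a="$1"; b="$2"
  while [ -n "$a" ] || [ -n "$b" ]; do
    ai="${a%%.*}"; bi="${b%%.*}"
    [ "$ai" = "$a" ] && a="" || a="${a#*.}"
    [ "$bi" = "$b" ] && b="" || b="${b#*.}"
    ai="${ai:-0}"; bi="${bi:-0}"
    if [ "$ai" -lt "$bi" ]; then echo -1; return; fi
    if [ "$ai" -gt "$bi" ]; then echo 1; return; fi
  done
  echo 0
}

# min_fixed_for_major MAJOR: lowest patched build on that macOS branch.
# Prints nothing for branches the advisory does not cover (older than Sonoma),
# which a fleet owner should treat as out of support rather than as safe.
min_fixed_for_major() {
  case "$1" in
    26) echo 26.0.1 ;;   # macOS Tahoe
    15) echo 15.7.1 ;;   # macOS Sequoia
    14) echo 14.8.1 ;;   # macOS Sonoma
    *)  echo "" ;;
  esac
}

# macos_patched VERSION: prints "patched", "vulnerable" or "unsupported".
# Exit status: 0 patched, 1 vulnerable, 2 unsupported (usable from scripts).
macos_patched() {
  v="$1"
  major="${v%%.*}"
  fixed="$(min_fixed_for_major "$major")"
  if [ -z "$fixed" ]; then echo unsupported; return 2; fi
  if [ "$(vercmp "$v" "$fixed")" -ge 0 ]; then echo patched; return 0; fi
  echo vulnerable; return 1
}

# Stand-alone use on a Mac:  sh check.sh --self
# reads the running system's version with sw_vers and classifies it.
if [ "${1:-}" = "--self" ] && command -v sw_vers >/dev/null 2>&1; then
  macos_patched "$(sw_vers -productVersion)"
fi
```

The comparison is done field by field rather than as a string so that 15.10 would sort above 15.7.1; a branch not in the table is reported as unsupported on purpose, since an unlisted major is not evidence that the fix is present.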
Read at SecurityWeek