""FontParser is the system that interprets font files, so characters can be interpreted across applications, documents and the web,""
""As these files are often loaded automatically from documents, emails or websites, vulnerabilities here are high risk,""
"CVE-2025-43400 is an out-of-bounds write issue which is exploited when a vulnerable device processes a maliciously crafted font hidden in an otherwise seemingly benign piece of content. Affected devices may experience unexpected behaviours such as sudden app termination or process memory corruption."
"While app crashes are more often annoying than risky, process memory corruption is particularly dangerous as, given the right circumstances, it can form an element of an attack chain by leading to behaviour that can enable an attacker to gain unauthorised system access, exfiltrate data, or even remote code execution (RCE) further down the line."
Apple released the first security update for iOS 26 addressing a single medium-severity vulnerability, CVE-2025-43400, in the Apple FontParser component. FontParser interprets font files so characters render correctly across applications, documents and the web. The vulnerability is an out-of-bounds write triggered when a device processes a maliciously crafted font embedded in otherwise benign content. Affected devices can experience app crashes or process memory corruption. Process memory corruption can enable an attack chain leading to unauthorized system access, data exfiltration or remote code execution. Apple provided minimal technical detail and did not state whether the issue is exploited in the wild.
Read at ComputerWeekly.com
Unable to calculate read time
Collection
[
|
...
]