Apple has released urgent software updates for iOS and macOS to fix a medium-severity flaw in font processing. This vulnerability could cause apps to crash or corrupt memory, potentially enabling attackers to execute arbitrary code.
Vulnerability Details
The flaw, tracked as CVE-2025-43400 is an out-of-bounds (OOB) write issue located in the operating system’s FontParser component. An OOB write happens when a program attempts to write data outside of its designated memory space. This action can corrupt nearby memory, leading to unpredictable behavior, system crashes, or worse.
An attacker could exploit this vulnerability by crafting a malicious font file. When an application loads this specially designed font, it can trigger memory corruption or an unexpected app termination. In the worst-case scenario, this could allow an attacker to execute harmful code, potentially gaining control over the device, as noted in an analysis by Malwarebytes. Since fonts are widely used and often processed silently, this represents a significant risk.
The advisory stated, "Processing a maliciously crafted font may lead to unexpected app termination or corrupt process memory." Apple addressed this by implementing improved bounds checking.
Available Updates
The vulnerability can be exploited by a remote attacker. Apple has issued updates across a range of current and older platforms to patch the bug.
The new releases include:
- iOS/iPadOS 26.0.1,18.7.1
- macOS 26.0.1,15.7.1,14.8.1
- visionOS 26.0.1
These updates are available for a broad range of devices, including iPhone 11 and later, various generations of iPad Pro, iPad Air, standard iPad, and iPad mini.
While it is currently unknown if attackers have actively exploited this flaw in the wild, users are strongly advised to update their devices immediately.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
