Apple Releases Patches for iOS and macOS Vulnerability Allowing Malicious Code Execution via Fonts


383/68 Friday, October 3, 2025

Apple has released updates for iOS and macOS to fix CVE-2025-43400, a vulnerability in the FontParser system that could cause an out-of-bounds write in memory. This flaw may lead to sudden application crashes, abnormal system behavior, or potentially allow attackers to execute arbitrary malicious code. An attacker could craft a specially designed font file that, when loaded by an app or the system, corrupts memory and enables device compromise.
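The advisory describes the bug class only in outline: a font file supplies offsets and lengths that the parser trusts, and an unchecked value turns into a write past the end of a buffer. The following is an added illustration written for this page, not Apple's FontParser code and not derived from CVE-2025-43400 itself. It reads the table directory at the start of a TrueType/OpenType (sfnt) font, whose layout (a 12-byte header followed by 16-byte records of tag, checksum, offset and length) is taken from the public font specifications, and shows the defensive pattern a parser needs: every file-supplied offset and length is validated against the actual buffer size before it is used, and a table is copied only if it fits the destination. The `MAX_TABLES` cap, the `demo_*` functions and the sample font bytes are constructed for the example.

```c
/* Added example (not Apple's FontParser): bounds-checked sfnt table directory parsing. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define SFNT_HEADER_LEN 12
#define SFNT_RECORD_LEN 16
#define MAX_TABLES 64            /* constructed cap on directory size for this example */

typedef struct { char tag[5]; uint32_t offset; uint32_t length; } table_rec;
typedef struct { uint16_t num_tables; table_rec tables[MAX_TABLES]; } sfnt_dir;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16); p[2] = (uint8_t)(v >> 8); p[3] = (uint8_t)v;
}

/* Parse the directory in buf[0..len). Returns 0 on success, a negative code on any
 * malformed field. Nothing in the file is trusted until it has been checked. */
int parse_sfnt_dir(const uint8_t *buf, size_t len, sfnt_dir *out)
{
    if (!buf || !out) return -1;
    if (len < SFNT_HEADER_LEN) return -2;                        /* header truncated */
    uint32_t ver = rd32(buf);
    if (ver != 0x00010000u && ver != 0x4F54544Fu /* 'OTTO' */) return -3;
    uint16_t n = rd16(buf + 4);
    if (n == 0 || n > MAX_TABLES) return -4;                     /* refuse oversized directories */
    if (len - SFNT_HEADER_LEN < (size_t)n * SFNT_RECORD_LEN) return -5; /* records truncated */
    out->num_tables = n;
    for (uint16_t i = 0; i < n; i++) {
        const uint8_t *rec = buf + SFNT_HEADER_LEN + (size_t)i * SFNT_RECORD_LEN;
        table_rec *t = &out->tables[i];
        memcpy(t->tag, rec, 4); t->tag[4] = '\0';
        t->offset = rd32(rec + 8);
        t->length = rd32(rec + 12);
        /* offset + length can wrap a 32-bit add, so compare without adding them */
        if (t->offset > len || t->length > len - t->offset) return -6; /* table outside file */
    }
    return 0;
}

/* Copy the table named tag into dst (capacity dst_cap). Returns bytes copied, or a
 * negative code. The dst_cap check is exactly the check whose absence turns a
 * crafted length field into an out-of-bounds write. */
long copy_table(const uint8_t *buf, size_t len, const sfnt_dir *d,
                const char *tag, uint8_t *dst, size_t dst_cap)
{
    for (uint16_t i = 0; i < d->num_tables; i++) {
        const table_rec *t = &d->tables[i];
        if (strncmp(t->tag, tag, 4) != 0) continue;
        if (t->offset > len || t->length > len - t->offset) return -1; /* re-check source bounds */
        if (t->length > dst_cap) return -2;                           /* would overflow dst */
        memcpy(dst, buf + t->offset, t->length);
        return (long)t->length;
    }
    return -3;                                                        /* table absent */
}

/* Constructed sample font: header with one 'head' record pointing at offset/length. */
static void build_sample(uint8_t *f, size_t cap, uint32_t offset, uint32_t length)
{
    static const uint8_t hdr[SFNT_HEADER_LEN] = {0,1,0,0, 0,1, 0,16, 0,0, 0,0};
    memset(f, 0, cap);
    memcpy(f, hdr, SFNT_HEADER_LEN);
    uint8_t *rec = f + SFNT_HEADER_LEN;
    memcpy(rec, "head", 4);
    wr32(rec + 4, 0);          /* checksum, not verified in this example */
    wr32(rec + 8, offset);
    wr32(rec + 12, length);
}

/* Well-formed file: 4-byte table right after the 28-byte directory. */
int demo_valid(void) {
    uint8_t f[32]; sfnt_dir d;
    build_sample(f, sizeof f, 28, 4);
    return parse_sfnt_dir(f, sizeof f, &d);
}
/* Length field far larger than the file: rejected before any read. */
int demo_overlong(void) {
    uint8_t f[32]; sfnt_dir d;
    build_sample(f, sizeof f, 28, 0x7FFFFFF0u);
    return parse_sfnt_dir(f, sizeof f, &d);
}
/* offset + length wraps in 32 bits; a naive "offset + length <= len" check would pass. */
int demo_wrap(void) {
    uint8_t f[32]; sfnt_dir d;
    build_sample(f, sizeof f, 0xFFFFFFF0u, 0x20u);
    return parse_sfnt_dir(f, sizeof f, &d);
}
/* Copy the valid table into a destination of dst_cap bytes (at most 16). */
long demo_copy(size_t dst_cap) {
    uint8_t f[32], dst[16]; sfnt_dir d;
    build_sample(f, sizeof f, 28, 4);
    if (parse_sfnt_dir(f, sizeof f, &d) != 0) return -99;
    return copy_table(f, sizeof f, &d, "head", dst, dst_cap < sizeof dst ? dst_cap : sizeof dst);
}

int main(void) {
    printf("valid=%d overlong=%d wrap=%d copy16=%ld copy2=%ld\n",
           demo_valid(), demo_overlong(), demo_wrap(), demo_copy(16), demo_copy(2));
    return 0;
}
```

The two rejected samples are the cases that matter: a length that simply exceeds the file, and an offset/length pair chosen so that their 32-bit sum wraps around to a small number. Checking `length > len - offset` instead of `offset + length > len` is what keeps the second case from slipping through.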

The updates cover iOS/iPadOS 26.0.1 and 18.7.1, macOS 26.0.1, 15.7.1 and 14.8.1, and visionOS 26.0.1, and apply to devices including:

  • iPhone 11 and later
  • iPad Pro 12.9-inch (3rd gen and newer)
  • iPad Pro 11-inch (1st gen and newer)
  • iPad Air (3rd gen and newer)
  • iPad (8th gen and newer)
  • iPad mini (5th gen and newer)

According to Malwarebytes, this type of vulnerability is particularly dangerous because fonts are widely used and automatically processed by the system, making them an attack vector that users often overlook.

Although there is currently no evidence of widespread exploitation, users and administrators are strongly advised to update their devices immediately to mitigate risk. Apple further recommends avoiding fonts from untrusted sources, reviewing app permissions that allow external file loading, and staying updated with official security advisories and patches to reduce exposure.
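Administrators checking a fleet will want to compare each Mac's reported version against the fixed release for its major version. The script below is an added example, not from the advisory or from Apple; it takes the macOS fixed versions listed above (26.0.1, 15.7.1, 14.8.1), compares versions field by field so that 14.10 sorts after 14.8.1, and reports majors the advisory does not list as unknown rather than as patched. On a Mac it reads the running version with `sw_vers -productVersion`; anywhere else a version string (for example from an MDM export) can be passed as the first argument.

```sh
#!/bin/sh
# Added example: is a reported macOS version at or above the fixed release
# for CVE-2025-43400? Fixed versions are those listed in the advisory.

# vercmp A B -> prints -1, 0 or 1 as A is <, =, > B (numeric, field by field)
vercmp() {
    a_rest=$1; b_rest=$2
    while [ -n "$a_rest" ] || [ -n "$b_rest" ]; do
        a=${a_rest%%.*}; b=${b_rest%%.*}
        if [ "$a_rest" = "$a" ]; then a_rest=""; else a_rest=${a_rest#*.}; fi
        if [ "$b_rest" = "$b" ]; then b_rest=""; else b_rest=${b_rest#*.}; fi
        a=${a:-0}; b=${b:-0}          # missing trailing field counts as 0
        if [ "$a" -lt "$b" ]; then echo -1; return; fi
        if [ "$a" -gt "$b" ]; then echo 1; return; fi
    done
    echo 0
}

# fixed_for_major MAJOR -> prints the fixed macOS release for that major, or nothing
fixed_for_major() {
    case $1 in
        26) echo 26.0.1 ;;
        15) echo 15.7.1 ;;
        14) echo 14.8.1 ;;
        *)  echo "" ;;
    esac
}

# is_patched VERSION -> exit 0 if at/above the fixed release, 1 if below,
#                       2 if the major version is not covered by the advisory
is_patched() {
    major=${1%%.*}
    fixed=$(fixed_for_major "$major")
    [ -z "$fixed" ] && return 2
    [ "$(vercmp "$1" "$fixed")" -ge 0 ] && return 0
    return 1
}

# report [VERSION] -> one line of status; falls back to sw_vers on macOS
report() {
    v=${1:-$(sw_vers -productVersion 2>/dev/null)}
    [ -z "$v" ] && { echo "no version available"; return 2; }
    rc=0; is_patched "$v" || rc=$?
    case $rc in
        0) echo "$v: patched (>= $(fixed_for_major "${v%%.*}"))" ;;
        1) echo "$v: NOT patched, update to $(fixed_for_major "${v%%.*}")" ;;
        2) echo "$v: major version not covered by this advisory" ;;
    esac
    return $rc
}

# Usage: sh check_font_patch.sh [VERSION]
if [ -n "${1:-}" ]; then
    report "$1"
fi
```

Exit status 1 means the host is below the fixed release for its major; status 2 is deliberately separate so a release the advisory does not mention is flagged for a human rather than silently counted as safe.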

Source: https://securityaffairs.com/182835/security/apple-urges-users-to-update-iphone-and-mac-to-patch-font-bug.html