Apple Patches High-Risk Font Parser Vulnerability in macOS, iOS, iPadOS
Apple has patched a high-risk security vulnerability in several of its operating systems. The bug, tracked as CVE-2025-43400, affects certain versions of macOS, iOS, and iPadOS. The Federal Office for Information Security (BSI) urges users to update their devices promptly to avoid potential attacks.
The vulnerability lies in the Font Parser, a component that analyzes font files. It permits an out-of-bounds write, that is, writing outside the permitted memory range, which can lead to crashes or memory corruption. All versions of Apple iOS before 18.7.1 and 26.0.1, iPadOS before 18.7.1 and 26.0.1, and certain macOS versions are affected. These include Sequoia older than 15.7.1, Sonoma older than 14.8.1, and Tahoe older than 15.7.1.
Apple has released updates to fix the issue. The iOS 26.0.1 / iPadOS 26.0.1 update, released on September 29, 2025, addresses the vulnerability. The BSI's Citizen CERT recommends that affected users install these security updates promptly. The updates include improved bounds checks to prevent attackers from exploiting manipulated font files in emails, documents, or websites.
The BSI warns that malicious actors could exploit this vulnerability to launch denial-of-service attacks or corrupt process memory. Users are advised to update their devices immediately to ensure their systems are secure. Apple has confirmed that the vulnerability has been addressed in the latest updates.
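For administrators, the fixed versions above can be turned into a quick inventory check. The following is an added example, not code from Apple or the BSI: the device names and inventory rows are constructed, the function names are hypothetical, and macOS release lines other than Sonoma (14) and Sequoia (15) are reported as "unknown" rather than guessed.

```python
# Fixed versions per release line, copied from the article text.
IOS_FIXED = [(18, 7, 1), (26, 0, 1)]            # iOS and iPadOS
MACOS_FIXED = {14: (14, 8, 1), 15: (15, 7, 1)}  # Sonoma, Sequoia

# Constructed sample inventory rows: (device, platform, version).
INVENTORY = [
    ("ipad-frontdesk", "iPadOS", "18.6.2"),
    ("iphone-ceo", "iOS", "26.0.1"),
    ("mbp-dev-07", "macOS", "15.7"),
    ("mini-build", "macOS", "14.8.1"),
    ("mbp-design", "macOS", "13.7.8"),
]


def parse_version(text):
    """Turn '18.7' into (18, 7, 0) so versions compare as tuples."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def status(platform, version_text):
    """Return 'vulnerable', 'patched' or 'unknown' for CVE-2025-43400."""
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unknown"  # unparseable inventory value
    platform = platform.lower()
    if platform in ("ios", "ipados"):
        # Each fix covers its own major line and anything older than it.
        for fixed in IOS_FIXED:
            if version[0] <= fixed[0]:
                return "vulnerable" if version < fixed else "patched"
        return "patched"  # assumption: later major lines already carry the fix
    if platform == "macos":
        fixed = MACOS_FIXED.get(version[0])
        if fixed is None:
            return "unknown"  # release line not covered by the table above
        return "vulnerable" if version < fixed else "patched"
    return "unknown"


def audit(rows):
    """Map each device name to its patch status."""
    return {name: status(platform, version) for name, platform, version in rows}


if __name__ == "__main__":
    for name, result in audit(INVENTORY).items():
        print(f"{name:16} {result}")
```

Devices reported as "unknown" need a manual check against Apple's security release notes.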