
Apple Security Update to fix malicious font crash

Apple released a security update that fixes an issue involving the FontParser service that could cause an app crash. 

This update was released on September 29 for the following:  

  • macOS Sonoma 14.8.1
  • macOS Sequoia 15.7.1
  • macOS 26.0.1
  • iOS 18.7.1 and iPadOS 18.7.1
  • iOS 26.0.1 and iPadOS 26.0.1
  • visionOS 26.0.1

Apple has not divulged specific details about the vulnerability, tracked as CVE-2025-43400, stating only that a “maliciously crafted font may lead to unexpected app termination or corrupt process memory”.

The underlying issue is an out-of-bounds write, in which an attacker can write outside the bounds of an allocated area of memory to crash a program or (in some cases) execute arbitrary code. The implications of such a vulnerability can range from a minor inconvenience to a much more serious security issue, depending on how the memory is affected.

This vulnerability does not appear to be actively exploited in the wild. 

Addigy provides a seamless update process to patch these devices to the latest version to mitigate this vulnerability. Find out more details about how to apply system updates.
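
To confirm that a Mac is already on one of the fixed releases listed above, a local version check like the following can be used. This is an added example, not code from Apple or Addigy; it covers macOS only, the function names are illustrative, and it assumes that within a major line any version at or above the listed release contains the fix.

```shell
#!/bin/sh
# Added example: compare a macOS version with the fixed releases listed above.
# Assumption: within a major line, any version >= the listed release has the fix.

# fixed_for MAJOR: print the fixed release for that major line (from the list
# in this post), or print nothing when the line is not listed.
fixed_for() {
    case "$1" in
        14) echo 14.8.1 ;;
        15) echo 15.7.1 ;;
        26) echo 26.0.1 ;;
    esac
}

# ver_num X.Y.Z: print the version as one comparable integer.
# Missing fields count as 0; runs in a subshell so IFS is not leaked.
ver_num() (
    IFS=.
    set -- $1
    echo $(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
)

# patch_status VERSION: print patched, needs-update, unlisted or invalid.
patch_status() {
    case "$1" in
        ''|*[!0-9.]*) echo invalid; return 0 ;;
    esac
    fixed=$(fixed_for "${1%%.*}")
    if [ -z "$fixed" ]; then
        echo unlisted        # major line not in the list above
    elif [ "$(ver_num "$1")" -ge "$(ver_num "$fixed")" ]; then
        echo patched
    else
        echo needs-update
    fi
}

# On a Mac, report on the running system; on other systems this is skipped.
if command -v sw_vers >/dev/null 2>&1; then
    v=$(sw_vers -productVersion)
    echo "macOS $v: $(patch_status "$v")"
fi
```

An `unlisted` result means the post names no fixed release for that major line, so it should be checked against Apple's own advisory rather than treated as safe.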

Nathan Pabon

Application Security Engineer at Addigy
