Apple Security Update to fix malicious font crash
Apple released a security update that fixes an issue involving the FontParser service that could cause an app crash.
This update was released on September 29 for the following:
- macOS Sonoma 14.8.1
- macOS Sequoia 15.7.1
- macOS 26.0.1
- iOS 18.7.1 and iPadOS 18.7.1
- iOS 26.0.1 and iPadOS 26.0.1
- visionOS 26.0.1
Apple has not divulged specific details about the vulnerability, tracked as CVE-2025-43400, only that a “maliciously crafted font may lead to unexpected app termination or corrupt process memory”.
The vulnerability stems from an out-of-bounds write, in which an attacker can write outside the bounds of an allocated area of memory to crash a program or (in some cases) execute arbitrary code. The implications of such a vulnerability can range from a minor inconvenience to a much more serious security issue, depending on how the memory is affected.
This vulnerability does not appear to be actively exploited in the wild.
Addigy provides a seamless update process to patch these devices to the latest version to mitigate this vulnerability. Find out more details about how to apply system updates.
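To see which devices still need the update, the shell functions below compare a reported OS version against the fixed releases listed above. This is an added example, not Apple's or Addigy's code; it assumes a device has the fix when its version is at or above the listed release in the same major train, and the function names and sample inventory are constructed for illustration.

```shell
#!/bin/sh
# Added example: check OS versions against the fixed releases for CVE-2025-43400.

# ver_ge A B: succeed when dotted version A >= B, comparing each field
# numerically (so 18.10 > 18.7) and treating missing fields as 0.
ver_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0} y=${y:-0}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0
}

# fixed_release PLATFORM MAJOR: print the fixed release the advisory lists
# for that release train; fail if the train is not listed.
fixed_release() {
    case "$1:$2" in
        macos:14) echo 14.8.1 ;;
        macos:15) echo 15.7.1 ;;
        ios:18|ipados:18) echo 18.7.1 ;;
        macos:26|ios:26|ipados:26|visionos:26) echo 26.0.1 ;;
        *) return 1 ;;
    esac
}

# check_device PLATFORM VERSION: print patched, needs-update, unlisted or invalid.
# Assumption: at or above the listed release in the same major train means patched.
check_device() {
    case "$2" in ''|*[!0-9.]*|.*|*.|*..*) echo invalid; return 0 ;; esac
    platform=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    if ! floor=$(fixed_release "$platform" "${2%%.*}"); then
        echo unlisted; return 0
    fi
    if ver_ge "$2" "$floor"; then echo patched; else echo needs-update; fi
}

# Constructed sample inventory (platform version), not real device data.
while read -r p v; do
    printf '%-9s %-8s %s\n' "$p" "$v" "$(check_device "$p" "$v")"
done <<'EOF'
macos 15.7.1
ios 18.6.2
visionos 26.0
macos 13.7.8
EOF
```

On a Mac, `check_device macos "$(sw_vers -productVersion)"` checks the local machine. A result of `unlisted` means the release train is not among those named in this update, so it needs a separate look.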