Particle.news

Apple Releases Security Updates to Patch FontParser Memory-Corruption Bug

Experts urge rapid installation given the broad attack surface of font processing.

Overview

  • Apple addressed CVE-2025-43400, an out-of-bounds write in FontParser that malicious fonts can trigger to crash apps or corrupt memory, potentially enabling code execution.
  • Updates are available across platforms, including iOS/iPadOS 26.0.1 and 18.7.1, macOS Tahoe 26.0.1, Sequoia 15.7.1, Sonoma 14.8.1, and visionOS 26.0.1, with watchOS 26.0.2 and tvOS 26.0.1 released without published CVE entries.
  • Apple has not indicated active exploitation, but security specialists such as Hackuity and Jamf advise immediate deployment and compliance monitoring for managed fleets.
  • Because fonts load automatically from websites, documents, and email, the flaw presents a widely reachable vector that Hong Kong CERT notes is remotely exploitable.
  • Users should install via Settings > General > Software Update on iPhone and iPad or System Settings on macOS. iOS 26.0.1 also fixes Bluetooth, 5G, Wi‑Fi, app icon, and camera issues.