CVE-2025-43400

Name of the Vulnerable Software and Affected Versions Apple macOS versions prior to Tahoe 26.0.1 Apple iOS versions prior to 26.0.1 Apple iPadOS versions prior to 26.0.1 Apple visionOS version 26.0.1 Apple Sonoma versions prior to 14.8.1 Apple Sequoia versions prior to 15.7.1 Apple watchOS version 26.1 Apple tvOS version 26.1 Apple iOS versions prior to 18.7.1 Apple iPadOS versions prior to 18.7.1

Description The issue is an out-of-bounds write flaw within the FontParser component, addressed through improved bounds checking. Processing a maliciously crafted font may lead to unexpected application termination or corruption of process memory. The vulnerability could be exploited remotely, requiring user interaction. Reports indicate this flaw has garnered significant attention, with numerous articles published about it. The root cause is a lack of robust integer overflow checks and insufficient input validation in libFontParser.dylib, which can lead to a heap buffer overflow when parsing a specifically crafted Type 1 font.

Recommendations Update to macOS Tahoe 26.0.1. Update to iOS 26.0.1. Update to iPadOS 26.0.1. Update to visionOS 26.0.1. Update to macOS Sonoma 14.8.1. Update to macOS Sequoia 15.7.1. Update to watchOS 26.1. Update to tvOS 26.1. Update to iOS 18.7.1. Update to iPadOS 18.7.1.