Medium

Out-of-bounds write in Apple FontParser

IdentifiersCVE-2025-43400CWE-787· Out-of-bounds Write

CVE-2025-43400 is an out-of-bounds write vulnerability in Apple’s FontParser component affecting multiple Apple operating systems. According to the provided content, the flaw is triggered when the system or an application processes a maliciously crafted font. Apple states the issue was addressed through improved bounds checking. The vulnerable condition can lead to memory corruption during font parsing, causing unexpected application termination or corruption of process memory. Affected platforms mentioned in the content include iOS 18.7.1 and earlier, iPadOS 18.7.1 and earlier, iOS 26.0.1 and earlier, iPadOS 26.0.1 and earlier, macOS Sequoia 15.7.1 and earlier, macOS Sonoma 14.8.1 and earlier, macOS Tahoe 26.0.1 and earlier, tvOS 26.1 and earlier, visionOS 26.0.1 and earlier, and watchOS 26.1 and earlier.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation may cause denial of service via unexpected app termination and may corrupt process memory. Based on the provided reporting, memory corruption could potentially be leveraged for arbitrary code execution, although Apple’s primary stated impact is app termination or process memory corruption. No evidence of in-the-wild exploitation is provided in the supplied content.

Mitigation

If you can’t patch tonight, do this now.

If immediate patching is not possible, reduce exposure to untrusted fonts and untrusted content that may automatically load embedded fonts, and limit opening attacker-controlled documents, media, or web content in vulnerable applications. Because the provided content does not include vendor-specific temporary workarounds, no definitive mitigation beyond prompt patching is currently available.

Remediation

Patch, then assume compromise.

Apply Apple security updates that fix CVE-2025-43400. The provided content states the issue is fixed in iOS 18.7.1, iPadOS 18.7.1, iOS 26.0.1, iPadOS 26.0.1, macOS Sequoia 15.7.1, macOS Sonoma 14.8.1, macOS Tahoe 26.0.1, tvOS 26.1, visionOS 26.0.1, and watchOS 26.1. Remediation is the vendor-supplied patch implementing improved bounds checking in FontParser.

PUBLIC EXPLOITS

Exploits

No valid public exploits. Mallory filtered out 1 candidate as fakes, detection scripts, or README-only repos.

VALID 0 / 1 TOTALView more in app

All candidate exploits were filtered out by Mallory's validation.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType

AppleIpadosoperating_system

AppleIphone Osoperating_system

AppleMacosoperating_system

AppleVisionosoperating_system

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

41 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

41 SOURCESView more in app

the hacker newsNews

Oct 6, 2025

⚡ Weekly Recap: Oracle 0-Day, BitLocker Bypass, VMScape, WhatsApp Worm & More

A critical vulnerability affecting multiple Apple operating systems, details not specified in the content.

securityaffairsNews

Oct 1, 2025

Apple urges users to update iPhone and Mac to patch font bug

An out-of-bounds write vulnerability in Apple’s FontParser component that can be triggered by processing a maliciously crafted font, potentially leading to denial-of-service, memory corruption, or arbitrary code execution.

malwarebytes labsNews

Sep 30, 2025

Apple fixes critical font processing bug. Update now!

A critical out-of-bounds write vulnerability in Apple's FontParser component affecting macOS, iOS, iPadOS, and related products. Exploitation could allow arbitrary code execution via a maliciously crafted font file.

apple supportNews

Sep 29, 2025

About the security content of iOS 26.0.1 and iPadOS 26.0.1 - Apple Support

An out-of-bounds write vulnerability in Apple software where processing a maliciously crafted font may cause unexpected app termination or corrupt process memory.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Start free trial

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity37

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES

MITRE CVE

cve.org · CVE-2025-43400

NVD

nvd.nist.gov/vuln/detail/CVE-2025-43400

MITRE CWE · CWE-787

Out-of-bounds Write

seclists.org

seclists.org/fulldisclosure/2025/Sep/73

seclists.org

seclists.org/fulldisclosure/2025/Sep/76

seclists.org

seclists.org/fulldisclosure/2025/Sep/78

support.apple.com

support.apple.com/en-us/125326

support.apple.com

support.apple.com/en-us/125327

support.apple.com

support.apple.com/en-us/125328

support.apple.com

support.apple.com/en-us/125329

support.apple.com

support.apple.com/en-us/125330

support.apple.com

support.apple.com/en-us/125338

+2 more references

view more in app