- Description
- An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in watchOS 26.1, tvOS 26.1. Processing a maliciously crafted font may lead to unexpected app termination or corrupt process memory.
- Source
- product-security@apple.com
- NVD status
- Modified
- Products
- ipados, iphone_os, macos, visionos
CVSS 3.1
- Type
- Secondary
- Base score
- 6.3
- Impact score
- 3.4
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
- Severity
- MEDIUM
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-787
- Hype score
- Not currently trending
Reported this bug to Apple weeks ago before Security Update — marked “not a security issue.” Now it’s fixed in iOS 26.0.1 (CVE-2025-43400). No credit, no payout. 🤷‍♂️ #BugBounty #iOS Thank you #Apple https://t.co/B0LGJqlCFk
@DMehtenvie88202
6 Oct 2025
0 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 iOS 26.0.1 is out: bug + security fix TL;DR • Fixes Wi-Fi/Bluetooth dropouts on iPhone 17/Air • Addresses camera artifacts + cellular issues • Includes security patch (FontParser, CVE-2025-43400) — update now Technical details (for power users) • Release: Sept 29
@mobilengineer
5 Oct 2025
179 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
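One vulnerability was fixed, counting by CVE number. CVE-2025-43400: an out-of-bounds write flaw in the font parser. "iOS 26.0.1" and "iPadOS 26.0.1" released: addresses network issues and a vulnerability, and also addresses several iPhone 17 issues -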
@haeretics
4 Oct 2025
365 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Apple patches critical font parser flaw CVE-2025-43400 across platforms. Rising threats include Gemini AI risks, Medusa ransomware targeting Asahi, and state-backed phishing by APT35. Enforcement hits Bitcoin Queen. #Japan #GeminiAI #BitcoinQueen https://t.co/xwlrhNDbQt
@TweetThreatNews
1 Oct 2025
451 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
Apple has closed a malicious vulnerability in iOS/iPadOS/macOS 26.0.1. The company shared a Support document stating that a vulnerability in the FontParser function has been fixed
@aaplpro
30 Sept 2025
757 Impressions
2 Retweets
4 Likes
0 Bookmarks
0 Replies
0 Quotes
🍏 Security Update for Apple OS! 🔹 A critical vulnerability (CVE-2025-43400) was found in FontParser. 🔹 A malicious font could cause unexpected app crashes or memory damage. 🔹 Apple has patched this issue in iOS / iPadOS / macOS 26.0.1 and strongly recommends updating
@Solmeenaa
30 Sept 2025
186 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
🍏 Security update for Apple operating systems! 🔹 A dangerous security hole (CVE-2025-43400) had been found in the font processing component, that is, FontParser. 🔹 This bug could, with a font
@AppleFarsii
30 Sept 2025
7401 Impressions
0 Retweets
59 Likes
9 Bookmarks
6 Replies
1 Quote
⚠️ CVE-2025-43400: #Apple fixes a critical vulnerability in font processing. 🔗 https://t.co/hQ4EQ2Fxhy Update. https://t.co/8lAK96jG0V
@sonoclaudio
30 Sept 2025
322 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
Breaking down the patch for CVE-2025-43400, a FontParser vulnerability in the latest macOS Tahoe and iOS 26.0.1 update. The issue: A malicious font could cause an out-of-bounds write, leading to memory corruption. Let's look at the fix. 🧵
@minacrissDev_
30 Sept 2025
883 Impressions
0 Retweets
4 Likes
1 Bookmark
0 Replies
0 Quotes
Malicious fonts can probably be used in attacks on iPhone users. Update to iOS 18.7.1 CVE-2025-43400: "Impact: Processing a maliciously crafted font may lead to unexpected app termination or corrupt process memory"
@Sekurak
30 Sept 2025
5550 Impressions
12 Retweets
44 Likes
7 Bookmarks
1 Reply
1 Quote
Apple releases iOS 26.0.1 & iPadOS 26.0.1! Fixes CVE-2025-43400 in FontParser, preventing app crashes & memory corruption with improved bounds checking. Update now to stay secure! #iOS26 #Apple #SecurityUpdate Source: https://t.co/TJstykccmn
@meet_cipher
30 Sept 2025
543 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Apple Patches Single Vulnerability CVE-2025-43400, (Mon, Sep 29th) https://t.co/uNM8HQ4oYV #SANS #Cybersecurity https://t.co/KsRZOH0uTv
@PoseidonTPA
29 Sept 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-43400 An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.8.1, macOS Tahoe 26.0.1, macOS Sequoia 15.7.1, vision… https://t.co/ZP4kKnxrob
@CVEnew
29 Sept 2025
235 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "79FB7B26-6049-4918-A1B2-60563ABE6D2A",
            "versionEndExcluding": "18.7.1",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:ipados:26.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "4173F942-2CF6-447E-A942-948F6EF6CE77",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "0EC6C4E6-522F-463A-97B7-BD6F973415AF",
            "versionEndExcluding": "18.7.1",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:iphone_os:26.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "E29A276A-7091-42B2-B893-6A5801A0716E",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "1E2C7BB5-172D-4BBE-90CF-0FCBC72A2193",
            "versionEndExcluding": "14.8.1",
            "versionStartIncluding": "14.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "5BF57375-8F19-4CEB-B244-607C4F20AE5A",
            "versionEndExcluding": "15.7.1",
            "versionStartIncluding": "15.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:macos:26.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "551159EE-8311-4A13-802D-85871DAB5E77",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "F1CA1AF0-1A5A-4B3D-A2BA-0C6B98884795",
            "versionEndExcluding": "26.0.1",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]