{“lastseen”:”2025-09-30T12:18:18″,”description”:”Apple has released important security updates to address a critical vulnerability in _FontParser_ \u2014the part of MacOS\/iOS\/iPadOS that processes fonts.\\n\\nIdentified as CVE-2025-43400, the flaw was discovered internally by Apple and allows an attacker to craft a malicious font that can cause apps to crash or corrupt process memory, potentially leading to arbitrary code execution.\\n\\nWhile Apple hasn\u2019t said it\u2019s being actively exploited, similar bugs have been used in jailbreaks and spyware attacks in the past, so it\u2019s smart to patch it promptly.\\n\\n## How to update your devices\\n\\n### **How to update your iPhone or iPad**\\n\\nFor iOS and iPadOS users, you can check if you\u2019re using the latest software version, go to **Settings \\u003e General \\u003e Software Update**. It\u2019s also worth turning on Automatic Updates if you haven\u2019t already. You can do that on the same screen.\\n\\n\\n\\n### ****How to update macOS on any version****\\n\\nTo update macOS on any supported Mac, use the Software Update feature, which Apple designed to work consistently across all recent versions. Here are the steps:\\n\\n * Click the Apple menu in the upper-left corner of your screen.\\n * Choose **System Settings** (or **System Preferences** on older versions).\\n * Select **General** in the sidebar, then click **Software Update** on the right. On older macOS, just look for **Software Update** directly.\\n * Your Mac will check for updates automatically. If updates are available, click **Update Now** (or **Upgrade Now** for major new versions) and follow the on-screen instructions. Before you upgrade to macOS Tahoe 26, please read these instructions.\\n * Enter your administrator password if prompted, then let your Mac finish the update (it might need to restart during this process).\\n * Make sure your Mac stays plugged in and connected to the internet until the update is done.\\n\\n\\n\\n### **How to update Apple Watch**\\n\\n * Ensure your iPhone is paired with your Apple Watch and connected to Wi-Fi.\\n * Keep your Apple Watch on its charger and close to your iPhone.\\n * Open the Watch app on your iPhone.\\n * Tap **General \\u003e Software Update**.\\n * If an update appears, tap **Download and Install**.\\n * Enter your iPhone passcode or Apple ID password if prompted.\\n\\n\\n\\nYour Apple Watch will automatically restart during the update process. Make sure it remains near your iPhone and on charge until the update completes.\\n\\n### **How to update Apple TV**\\n\\n * Turn on your Apple TV and make sure it\u2019s connected to the internet.\\n * Open the Settings app on Apple TV.\\n * Navigate **to System \\u003e Software Updates**.\\n * Select **Update Software**.\\n * If an update appears, select **Download and Install**.\\n\\n\\n\\nThe Apple TV will download the update and restart as needed. Keep your device connected to power and Wi-Fi until the process finishes.\\n\\n## Updates for your particular device\\n\\n**Name and information link**| **Available for** \\n—|— \\niOS 26.0.1 and iPadOS 26.0.1| iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later \\niOS 18.7.1 and iPadOS 18.7.1| iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later \\nmacOS Tahoe 26.0.1| macOS Tahoe \\nmacOS Sequoia 15.7.1| macOS Sequoia \\nmacOS Sonoma 14.8.1| macOS Sonoma \\nvisionOS 26.0.1| Apple Vision Pro \\nwatchOS 26.0.2 no published CVE entries.| Apple Watch Series 6 and later \\ntvOS 26.0.1 no published CVE entries.| Apple TV HD and Apple TV 4K (all models) \\n \\n## Technical details\\n\\nThe vulnerability tracked as CVE-2025-43400 was described as an out-of-bounds write issue in FontParser that, when exploited, could cause the processing of a maliciously crafted font to lead to unexpected app termination or corrupt process memory.\\n\\nAn out-of-bounds write vulnerability means that the attacker can manipulate parts of the device\u2019s memory that should be out of their reach. Such a flaw in a program allows it to read or write outside the bounds the program sets, enabling attackers to manipulate other parts of the memory allocated to more critical functions. Attackers can write code to a part of the memory where the system executes it with permissions that the program and user should not have.\\n\\nTypically, fonts are safe and standardized files used daily in countless apps and websites, but due to this vulnerability an attacker can create a specially crafted font file containing manipulated data that exploits vulnerabilities in the font processing engine of the operating system. When this malicious font is loaded by an app or system process, it can trigger memory corruption or crashes. In worst-case scenarios, this can enable attackers to execute harmful code remotely, gaining control over the device.\\n\\nGiven that fonts are widely used and often processed silently in the background, font vulnerabilities pose a significant risk vector for attackers aiming to compromise devices.\\n\\n* * *\\n\\n**We don\u2019t just report on phone security\u2014we provide it**\\n\\nCybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.”,”published”:”2025-09-30T11:01:18″,”modified”:”2025-09-30T11:01:18″,”type”:”malwarebytes”,”title”:”Apple fixes critical font processing bug. Update now!”,”source”:””,”references”:””,”id”:”MALWAREBYTES:E660C0D0854F3A24B7C5A60D266F5D2A”,”bulletinFamily”:”blog”,”cwe”:null,”cvelist”:[“CVE-2025-43400″],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:6.3,”severity”:”MEDIUM”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:L\/I:L\/A:L”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/www.malwarebytes.com\/blog\/news\/2025\/09\/apple-fixes-critical-font-processing-bug-update-now”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-09-30T12:18:18″,”description”:”Apple has released important security updates to address a critical vulnerability in _FontParser_ \u2014the part of MacOS\/iOS\/iPadOS that processes fonts.\\n\\nIdentified as CVE-2025-43400, the flaw was…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,23,12,115,21,13,7,11,5],"class_list":["post-19691","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-cvss-63","tag-exploit","tag-malwarebytes","tag-medium","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n