CVE-2025-43400
BaseFortify
Publication date: 2025-09-29
Last updated on: 2026-04-02
Assigner: Apple Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apple | ipados | to 18.7.1 (exc) |
| apple | ipados | 26.0 |
| apple | iphone_os | to 18.7.1 (exc) |
| apple | iphone_os | 26.0 |
| apple | macos | From 14.0 (inc) to 14.8.1 (exc) |
| apple | macos | From 15.0 (inc) to 15.7.1 (exc) |
| apple | macos | 26.0 |
| apple | visionos | to 26.0.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an out-of-bounds write issue in the FontParser component of various Apple operating systems. It occurs when processing a maliciously crafted font, which can cause unexpected application termination or corruption of process memory. The issue was fixed by improving bounds checking to prevent these out-of-bounds writes. [1, 2, 3, 4, 5, 6]
How can this vulnerability impact me? :
If exploited, this vulnerability could cause applications to unexpectedly terminate or lead to corruption of process memory, potentially affecting the stability and security of your device when processing malicious fonts. [1, 2, 3, 4, 5, 6]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately update your Apple devices to the fixed versions: macOS Sonoma 14.8.1, macOS Tahoe 26.0.1, macOS Sequoia 15.7.1, visionOS 26.0.1, iOS 26.0.1 and iPadOS 26.0.1, or iOS 18.7.1 and iPadOS 18.7.1. These updates include improved bounds checking in the FontParser component to prevent out-of-bounds writes caused by maliciously crafted fonts. [1, 2, 3, 4, 5, 6]