Apple has released urgent software updates for iPhones, iPads, Macs, and other devices to fix a serious vulnerability in the font parser that could cause apps to crash or memory to become corrupted.
Quick Summary – TLDR:
- Apple fixed a critical font vulnerability (CVE-2025-43400) in iOS, macOS, visionOS, and more
- The bug could be triggered remotely via a document, website, or email containing a malicious font
- It affects both new and old devices, including those on macOS Sequoia, Sonoma, and iOS 18
- Apple advises all users to update immediately to protect against potential crashes or memory issues
What Happened?
Apple discovered and patched a medium-severity vulnerability in its FontParser component, identified as CVE-2025-43400. This bug could allow attackers to craft a malicious font file that, when opened, causes apps to crash or corrupt system memory. While there’s no evidence it has been exploited in the wild, security experts warn it could be combined with other flaws to perform more serious attacks.
"Along with iOS 26.0.1, Apple also released iPadOS 26.0.1, macOS 26.0.1, tvOS 26.0.1, HomePod OS 26.0.1, visionOS 26.0.1, watchOS 26.0.1"
— Aaron Zollo (@zollotech), September 29, 2025
A Widespread Fix Covering All Apple Platforms
Apple released patches on September 29, 2025, to address this issue across nearly all its software platforms. The flaw, an out-of-bounds write vulnerability, could be triggered by simply opening a document or web page that includes a specially crafted font file.
Devices and platforms receiving the fix include:
- iOS 26.0.1, iPadOS 26.0.1
- macOS Tahoe 26.0.1, macOS Sequoia 15.7.1, macOS Sonoma 14.8.1
- iOS 18.7.1, iPadOS 18.7.1
- visionOS 26.0.1
The patch is also included in updates to Safari 26 and Xcode 26, which address other vulnerabilities such as address bar spoofing (CVE-2025-43327) and call history fingerprinting (CVE-2025-43357).
Apple did not indicate that any of the issues are currently being exploited, but experts advise immediate action. According to Adam Boynton, senior security strategy manager at Jamf, “The flaw could be triggered by a malicious font delivered via a document, email attachment, or web content, and may lead to unexpected application termination or memory corruption.”
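For teams tracking this fix across a fleet, the version list above can be turned into a patch-level check. The Python code below is an added example, not from Apple or the original article; the inventory, host names and status labels are constructed, and any platform or release branch that the list above does not name is reported as no_fix_listed rather than guessed.

```python
# Added example: platform -> release branch (major) -> first fixed version, from the list above.
FIXED = {
    "iOS": {26: (26, 0, 1), 18: (18, 7, 1)},
    "iPadOS": {26: (26, 0, 1), 18: (18, 7, 1)},
    "macOS": {26: (26, 0, 1), 15: (15, 7, 1), 14: (14, 8, 1)},
    "visionOS": {26: (26, 0, 1)},
}

def parse_version(text):
    """Turn '15.7' into (15, 7, 0); raise ValueError for anything else."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 3 or any(p < 0 for p in parts):
        raise ValueError(f"unsupported version string: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))

def patch_status(platform, version):
    """Classify one device against the fixed versions in FIXED."""
    branches = FIXED.get(platform)
    if branches is None:
        return "no_fix_listed"      # platform absent from the article's list
    try:
        v = parse_version(version)
    except ValueError:
        return "unparseable"        # e.g. suffixes such as '16.4.1 (a)'
    fixed = branches.get(v[0])
    if fixed is None:
        return "no_fix_listed"      # branch absent from the list: do not guess
    return "patched" if v >= fixed else "needs_update"

# Constructed inventory (hypothetical host names and versions).
INVENTORY = [
    ("mac-001", "macOS", "15.7.1"),
    ("mac-002", "macOS", "15.7"),
    ("mac-003", "macOS", "13.7.8"),
    ("phone-01", "iOS", "18.7"),
    ("phone-02", "iOS", "26.0.1"),
    ("pad-01", "iPadOS", "26.0"),
    ("vision-01", "visionOS", "26.0.1"),
]

def audit(inventory):
    report = {}
    for host, platform, version in inventory:
        report.setdefault(patch_status(platform, version), []).append(host)
    return report

if __name__ == "__main__":
    for status, hosts in sorted(audit(INVENTORY).items()):
        print(f"{status:14} {', '.join(hosts)}")
```

Hosts reported as needs_update are on a branch that has a fixed release available; those reported as no_fix_listed need a separate look at Apple's advisory for that platform.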
How to Update Your Devices
Apple users can check for updates manually if automatic updates are disabled. Here’s how:
For iPhones and iPads:
- Go to Settings > General > Software Update
- Enable Automatic Updates if not already active
For Macs:
- Click the Apple menu > System Settings > General > Software Update
- On older macOS versions, look for Software Update in System Preferences
For Apple Watch:
- Open the Watch app on your iPhone
- Tap General > Software Update
- Make sure your Watch is on the charger and near your iPhone
For Apple TV:
- Go to Settings > System > Software Updates > Update Software
All these updates are designed to patch the vulnerability before attackers can take advantage of it. Devices set to update automatically will receive the fix soon, but Apple urges those with manual settings to act quickly.
Why This Font Bug Matters
The CVE-2025-43400 vulnerability highlights a key risk in something as seemingly harmless as a font file. Fonts can contain code that, when mishandled by an operating system’s parser, can crash applications or even lead to deeper system compromises. Apple’s fix ensures that a crafted font file can no longer trigger the out-of-bounds write.
Even though this specific bug does not currently allow remote code execution by itself, researchers note it could be paired with other flaws to create more advanced exploits. That’s why security teams are urging both individuals and organizations to apply the updates without delay.
SQ Magazine Takeaway
I always tell people not to skip those “minor” updates Apple pushes out, and this is exactly why. Something as simple as a font file could crash your device or worse. This is one of those bugs that doesn’t look scary until you realize it can be weaponized. If you’re someone who opens email attachments, browses the web, or reads documents on your Apple device (so, basically everyone), then this fix is for you. Go update your gear now. It takes five minutes and can save you hours of headache later.