---
title: "iOS and macOS Updates Fix Dangerous Font Bug That Can Crash Apps"
date: 2025-09-30
author: "Sofia Ramirez"
featured_image: "https://sqmagazine.co.uk/wp-content/uploads/2025/09/apple-releases-macos-and-ios-updates-for-security-issues.jpg"
categories:
  - name: "Technology"
    url: "/technology.md"
tags:
  - name: "News"
    url: "/tag/news.md"
---

# iOS and macOS Updates Fix Dangerous Font Bug That Can Crash Apps

Apple has released urgent software updates for iPhones, iPads, Macs, and other devices to fix a serious vulnerability in the font parser that could cause apps to crash or memory to become corrupted.

## Quick Summary – TLDR:

- Apple fixed a critical font vulnerability (CVE-2025-43400) in iOS, macOS, visionOS, and more
- The bug could be triggered remotely via a document, website, or email containing a malicious font
- It affects both new and old devices, including those on macOS Sequoia, Sonoma, and iOS 18
- Apple advises all users to update immediately to protect against potential crashes or memory issues

## What Happened?

Apple [discovered and patched](https://support.apple.com/en-us/125329) a **medium-severity vulnerability in its FontParser component**, identified as CVE-2025-43400. This bug could allow attackers to craft a malicious font file that, when opened, causes apps to crash or corrupt system memory. While there’s no evidence it has been exploited in the wild, security experts warn it could be combined with other flaws to perform more serious attacks.

> Along with iOS 26.0.1, Apple also released  
>   
> iPadOS 26.0.1  
> macOS 26.0.1  
> tvOS 26.0.1  
> HomePod OS 26.0.1  
> visionOS 26.0.1  
> watchOS 26.0.1 [pic.twitter.com/m3dNrUTWQq](https://t.co/m3dNrUTWQq)
> 
> — Aaron Zollo (@zollotech) [September 29, 2025](https://twitter.com/zollotech/status/1972716117295538686?ref_src=twsrc%5Etfw)

## A Widespread Fix Covering All Apple Platforms

Apple released patches on **September 29, 2025**, to address this issue across nearly all its software platforms. The flaw, an out-of-bounds write vulnerability, could be triggered by simply opening a document or web page that includes a specially crafted font file.

**Devices and platforms receiving the fix include:**

- **iOS 26.0.1, iPadOS 26.0.1**
- **macOS Tahoe 26.0.1, macOS Sequoia 15.7.1, macOS Sonoma 14.8.1**
- **iOS 18.7.1, iPadOS 18.7.1**
- **visionOS 26.0.1**
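
For fleet checks, the fixed releases listed above can be turned into a per-train version comparison. The script below is an added example, not Apple's or SQ Magazine's code; the function names and the sample inventory are assumptions made for illustration, and any OS train the article does not name is reported as `unknown`.

```shell
#!/bin/sh
# Added example: compare a device's OS version with the fixed releases in the list above.

# Minimum fixed release for a platform's major-version train (values from the article).
fixed_version_for() {
    case "$1:${2%%.*}" in
        macos:26|ios:26|ipados:26|visionos:26) echo "26.0.1" ;;
        macos:15) echo "15.7.1" ;;
        macos:14) echo "14.8.1" ;;
        ios:18|ipados:18) echo "18.7.1" ;;
        *) return 1 ;;  # train not named in the article
    esac
}

# version_ge A B: succeeds when dotted version A >= B, compared field by field
# as integers (so 15.10 > 15.7); missing fields count as 0.
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case "$a" in *.*) a=${a#*.} ;; *) a= ;; esac
        case "$b" in *.*) b=${b#*.} ;; *) b= ;; esac
        if [ "${x:-0}" -gt "${y:-0}" ]; then return 0; fi
        if [ "${x:-0}" -lt "${y:-0}" ]; then return 1; fi
    done
    return 0
}

# patch_status PLATFORM VERSION: prints patched, needs-update, or unknown.
patch_status() {
    case "$2" in ''|*[!0-9.]*) echo "unknown"; return 0 ;; esac
    min=$(fixed_version_for "$1" "$2") || { echo "unknown"; return 0; }
    if version_ge "$2" "$min"; then echo "patched"; else echo "needs-update"; fi
}

# On a Mac, check the local system; sw_vers is absent elsewhere.
if command -v sw_vers >/dev/null 2>&1; then
    echo "this Mac: $(patch_status macos "$(sw_vers -productVersion)")"
fi

# Constructed sample inventory (hostname platform version), not real devices.
while read -r host platform version; do
    echo "$host $platform $version: $(patch_status "$platform" "$version")"
done <<'EOF'
mac-lab-01 macos 15.7.1
mac-lab-02 macos 14.8
ipad-kiosk ipados 18.6.2
mac-old-03 macos 13.7
EOF
```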

The patch is also included in updates to **Safari 26** and **[Xcode 26](https://sqmagazine.co.uk/xcsset-macos-malware-xcode-variant/)**, which address other vulnerabilities such as **address bar spoofing ([CVE-2025-43327](https://support.apple.com/en-us/125113))** and **call history fingerprinting ([CVE-2025-43357](https://support.apple.com/en-us/125110))**.

[Apple](https://sqmagazine.co.uk/apple-statistics/) did not indicate that any of the issues are currently being exploited, but **experts advise immediate action**. According to Adam Boynton, senior security strategy manager at Jamf, “The flaw could be triggered by a malicious font delivered via a document, email attachment, or web content, and may lead to unexpected application termination or memory corruption.”

## How to Update Your Devices?

Apple users can check for updates manually if automatic updates are disabled. Here’s how:

**For iPhones and iPads:**

- Go to **Settings > General > Software Update**
- Enable **Automatic Updates** if not already active

**For Macs:**

- Click the **Apple menu > System Settings > General > Software Update**
- On older macOS versions, look for **Software Update** in **System Preferences**

**For Apple Watch:**

- Open the **Watch app** on your iPhone
- Tap **General > Software Update**
- Make sure your Watch is on the charger and near your iPhone

**For Apple TV:**

- Go to **Settings > System > Software Updates > Update Software**

All these updates are designed to patch the vulnerability before attackers can take advantage of it. Devices set to update automatically will receive the fix soon, but Apple urges those with manual settings to act quickly.

## Why This Font Bug Matters?

The **CVE-2025-43400 vulnerability** highlights a key risk in something as seemingly harmless as a font file. Fonts can contain code that, when mishandled by an operating system’s parser, can crash applications or even lead to deeper system compromises. Apple’s fix ensures that such risky files cannot trigger out-of-bounds memory issues.

Even though this specific bug does not currently allow remote code execution by itself, researchers note it could be paired with other flaws to create more advanced exploits. That’s why security teams are urging both individuals and organizations to apply the updates without delay.

## SQ Magazine’s Takeaway

I always tell people not to skip those “minor” updates Apple pushes out, and this is exactly why. Something as simple as a **font file could crash your device** or worse. This is one of those bugs that doesn’t look scary until you realize it can be weaponized. If you’re someone who opens email attachments, browses the web, or reads documents on your Apple device (so, basically everyone), then this fix is for you. Go update your gear now. It takes five minutes and can save you hours of headache later.