Illustration: a maliciously crafted font file triggers an out-of-bounds write in Apple's font parser, leading to memory corruption, app crashes and possible RCE; the macOS Sequoia update of September 29 blocks the attack.

Apple patched a critical font parser vulnerability, CVE-2025-43400, in macOS Sequoia 15.7.1 on September 29, 2025, addressing an out-of-bounds write flaw that could cause app crashes or process memory corruption. The risk comes from processing a maliciously crafted font file from an untrusted source; the flaw could potentially be chained with other bugs for remote code execution, though no active exploitation has been reported.

The fix is detailed in Apple's "Security Content of macOS Sequoia 15.7.1" document and applies to iOS, iPadOS, visionOS, and prior macOS versions. Apple discloses CVEs post-patch, urging immediate updates.

Users with auto-updates enabled will get it automatically; manual installers should go to System Settings > General > Software Update. Developers and admins can check Apple's security releases page for full CVE lists.

The flaw highlights the risk of processing fonts from external sources, where a single parsing bug can lead to data corruption or system compromise. Organizations must enforce update policies across their endpoints to mitigate CVE-2025-43400.
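As an added example (not from the article or from Apple), here is a POSIX shell check an admin could push through MDM or a scheduled job to report whether a Mac is already on macOS Sequoia 15.7.1, the build the article names as carrying the fix. The version-comparison helper is pure shell so it can be exercised off a Mac; the `PATCHED_VERSION` constant and the status labels are assumptions of this example, and the script only classifies the 15.x line since the article does not list the fixed builds for other lines.

```shell
#!/bin/sh
# Added example: report whether this Mac has the macOS Sequoia 15.7.1
# build that ships the CVE-2025-43400 font-parser fix.
# Assumes a macOS host for the live check (sw_vers / softwareupdate);
# the comparison logic itself runs on any POSIX sh.

PATCHED_VERSION="15.7.1"   # Sequoia build named in the article (assumed constant name)

# version_ge A B -> exit status 0 if dotted version A >= B, compared
# component by component as integers (missing components count as 0).
version_ge() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai="${a%%.*}"; bi="${b%%.*}"
        [ -z "$ai" ] && ai=0
        [ -z "$bi" ] && bi=0
        if [ "$ai" -gt "$bi" ]; then return 0; fi
        if [ "$ai" -lt "$bi" ]; then return 1; fi
        # drop the leading component; clear the string when none remain
        case "$a" in *.*) a="${a#*.}";; *) a="";; esac
        case "$b" in *.*) b="${b#*.}";; *) b="";; esac
    done
    return 0
}

# patch_status VERSION -> "patched", "needs-update", or "other-line".
# Only the Sequoia (15.x) line is classified; other major versions
# received their own builds and must be checked against the advisory.
patch_status() {
    v="$1"
    case "$v" in
        15.*) if version_ge "$v" "$PATCHED_VERSION"; then
                  echo "patched"
              else
                  echo "needs-update"
              fi ;;
        *)    echo "other-line" ;;
    esac
}

# Live check, run only on macOS so the helpers stay testable elsewhere.
if [ "$(uname 2>/dev/null)" = "Darwin" ]; then
    current="$(sw_vers -productVersion)"
    status="$(patch_status "$current")"
    echo "macOS $current: $status (CVE-2025-43400 fix ships in $PATCHED_VERSION)"
    if [ "$status" = "needs-update" ]; then
        softwareupdate -l   # list pending updates; install via Software Update or MDM
    fi
fi
```

A fleet-wide rollout would collect the printed status line from each endpoint rather than act on it locally; the script deliberately lists updates instead of installing them.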
 
NPAV offers a robust solution to combat cyber fraud. Protect yourself with our top-tier security product, FraudProtector.net