Apple has recently released a significant set of security updates across its various platforms, aimed at addressing a vulnerability related to the system font parser. This update spans iOS, iPadOS, macOS, visionOS, watchOS, and tvOS, underscoring the company’s commitment to user safety.
The core of this update resolves an out-of-bounds write vulnerability identified as CVE-2025-43400. This flaw in Apple’s font parser has the potential to allow a improperly crafted font to crash applications or corrupt memory on the affected devices.
Although there have been no known instances of this vulnerability being exploited yet, security professionals caution that it could serve as an entry point for more severe attacks if used in conjunction with other vulnerabilities, potentially leading to remote code execution.
Platforms Affected by the Apple Security Update
Apple’s security update covers a broad array of its devices, ensuring that many users benefit from enhanced protection:
- iOS 26.0.1 and iPadOS 26.0.1 – This update applies to the iPhone 11 and newer, iPad Pro 12.9-inch 3rd generation and newer, iPad Pro 11-inch 1st generation and newer, iPad Air 3rd generation and newer, iPad 8th generation and newer, and iPad mini 5th generation and newer.
- iOS 18.7.1 and iPadOS 18.7.1 – These versions are for iPhone XS and later models, including the iPad Pro 13-inch and newer.
- macOS Tahoe 26.0.1, macOS Sequoia 15.7.1, and macOS Sonoma 14.8.1 – These updates are geared towards various Mac models.
- visionOS 26.0.1 – Specifically for the Apple Vision Pro.
- watchOS 26.0.2 – Targeted at Apple Watch Series 6 and newer.
- tvOS 26.0.1 – This version is available for Apple TV HD and Apple TV 4K models.
Technical Details of Apple’s Fix
The vulnerability arises from insufficient bounds checking in the font parser, which can be exploited when a specially crafted font file is processed. The updates, rolled out on September 29, 2025, boost bounds checking measures to thwart out-of-bounds memory access, significantly enhancing device stability.
This fix has been uniformly applied across all impacted operating systems, providing consistent protection for users on iOS, iPadOS, macOS, and visionOS. For watchOS and tvOS, updates were issued as well, although no specific Common Vulnerabilities and Exposures (CVE) listings were announced for these platforms during this update cycle.
Importance of the Update
Historically, vulnerabilities related to font parsers pose a considerable security challenge, as systems frequently process font files automatically. This creates a subtle attack vector that can be exploited by malicious actors. By promptly addressing this flaw, Apple takes a proactive stance to reduce the likelihood of memory corruption attacks that could jeopardize application performance or lead to more serious security incidents.
How to Access the Update
All of the above updates became available on September 29, 2025. Users who have enabled automatic updates will receive the patches without taking further action. Those who prefer to manage updates manually should head to System Settings > General > Software Update on their devices to download and install the latest versions, including macOS Sequoia 15.7.1 and the respective iOS and iPadOS releases.
A Reminder for Users
Apple has not specified any further actions required from users beyond applying these updates. Nonetheless, it is always wise for users to remain current with security updates to protect against vulnerabilities effectively. This series of patches emphasizes the importance of timely software maintenance within the Apple ecosystem, particularly for users of iOS, iPadOS, and macOS devices.
