Apple Font Parser Vulnerability Allowing Memory Corruption Attacks

Apple has released a security update for macOS Sequoia 15.7.1 to address a serious vulnerability in its font parser.

The flaw, tracked as CVE-2025-43400, allows a maliciously crafted font file to trigger an out-of-bounds write.

Exploitation could cause unexpected application crashes or corrupt process memory on affected systems.

Apple patched this issue on September 29, 2025, as part of its Sequoia 15.7.1 update. While there are no reports of active exploitation, the vulnerability could be combined with other bugs to achieve remote code execution.

In line with Apple’s standard practice, details about this and other fixes are documented in the “Security Content of macOS Sequoia 15.7.1” document.

Apple discloses vulnerabilities by CVE identifier once patches are available. Users are advised to apply the update promptly to protect their systems.

Security content is also available for iOS, iPadOS, visionOS, and earlier macOS releases. The ...