
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2025-43400 is an out-of-bounds write vulnerability discovered in Apple's FontParser component. The vulnerability was disclosed on September 29, 2025, affecting multiple Apple operating systems including macOS, iOS, iPadOS, and visionOS. The issue exists in the font processing functionality across these platforms (Apple Advisory, NVD).
The vulnerability is classified as an out-of-bounds write issue (CWE-787) in the FontParser component. It received a CVSS v3.1 base score of 6.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L. The vulnerability can be triggered by processing a maliciously crafted font file, which may lead to unexpected application termination or memory corruption (NVD).
When exploited, the vulnerability can cause unexpected application termination or corrupt process memory. This affects various Apple devices including iPhone 11 and later, iPad Pro models, iPad Air 3rd generation and later, and Apple Vision Pro (Apple Advisory, Apple Vision).
Apple has addressed this vulnerability by implementing improved bounds checking in multiple security updates: macOS Sonoma 14.8.1, macOS Tahoe 26.0.1, macOS Sequoia 15.7.1, visionOS 26.0.1, iOS 26.0.1, iPadOS 26.0.1, iOS 18.7.1, and iPadOS 18.7.1. Users are advised to update their devices to these latest versions (Apple Advisory).
Source: This report was generated using AI
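The fixed releases listed above can be turned into a fleet triage check. The following is an added example, not code from Apple or from this database; the inventory records are constructed, and it assumes that a device on a listed major branch below that branch's fixed release still needs the update, while branches the report does not name are reported as unknown rather than guessed.

```python
# Added example: triage an inventory against the fixed releases named in the report.
# Keys are (platform, major branch); values are the first fixed release on that branch.
FIXED = {
    ("macos", 14): (14, 8, 1),
    ("macos", 15): (15, 7, 1),
    ("macos", 26): (26, 0, 1),
    ("ios", 18): (18, 7, 1),
    ("ios", 26): (26, 0, 1),
    ("ipados", 18): (18, 7, 1),
    ("ipados", 26): (26, 0, 1),
    ("visionos", 26): (26, 0, 1),
}

def parse_version(text):
    """Turn '18.7' into (18, 7, 0); raise ValueError on anything non-numeric."""
    parts = [int(p) for p in text.strip().split(".")]
    if len(parts) > 3:
        raise ValueError("too many version components")
    return tuple(parts + [0] * (3 - len(parts)))

def triage(platform, version):
    """Classify one device as patched, needs-update, unknown-branch or unparseable."""
    try:
        v = parse_version(version)
    except ValueError:
        return "unparseable"
    fixed = FIXED.get((platform.strip().lower(), v[0]))
    if fixed is None:
        # The report names no fixed release for this branch (assumption: do not guess).
        return "unknown-branch"
    return "patched" if v >= fixed else "needs-update"

# Constructed sample inventory: (hostname, platform, reported OS version).
INVENTORY = [
    ("mbp-build-01", "macOS", "14.8"),
    ("mbp-design-07", "macOS", "15.7.1"),
    ("iphone-sales-12", "iOS", "18.7"),
    ("ipad-kiosk-03", "iPadOS", "26.0.1"),
    ("mac-legacy-02", "macOS", "13.7.8"),
]

def report(inventory):
    """Map each hostname to its triage status."""
    return {host: triage(platform, version) for host, platform, version in inventory}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:18} {status}")
```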