Apple’s first iOS 26 security update fixes memory corruption flaw

Apple has released the first security update for its latest iPhone operating system, iOS 26, fixing a single medium-severity vulnerability, assigned the designation CVE-2025-43400, that affects Apple FontParser, the component in Apple operating systems that handles font processing.

“FontParser is a system that interprets font files so that characters can be interpreted across applications, documents and the Internet,” said Silven Cortes, vice president of strategy in HackingSafety specialist. “Since these files are often loaded automatically from documents, emails or websites, vulnerabilities here are a high risk,” he explained.

CVE-2025-43400 is a write issue that is exploited when a vulnerable device processes a maliciously crafted font embedded in a seemingly benign piece of content. Affected devices may experience unexpected behavior, such as sudden termination of the application or corruption of process memory.

While application crashes are more often irritating than risky, corruption of process memory is especially dangerous since, given the right circumstances, it can form one element of an attack chain that allows an attacker to gain unauthorized access to the system, exfiltrate data or even achieve remote code execution (RCE).

According to Johannes Ullrich of the SANS Technology Institute, it is unclear whether CVE-2025-43400 can be used for RCE, but there is a chance that successful exploitation of CVE-2025-43400 could lead to extortion attacks.

In a typically bare-bones announcement (Apple does not offer many details about vulnerabilities in its mobile products, so that they cannot be used to target its extensive user base), the supplier gave no indication of whether CVE-2025-43400 is being exploited in the wild.

Historically, many security vulnerabilities found in Apple's mobile operating system have had a significant impact, and many of them have been weaponized for targeted espionage and surveillance by spyware makers and hostile governments.

“Although there has been no active exploitation in the wild, users and enterprises should immediately apply the latest updates on all Apple devices to minimize the effects of attacks,” said Cortes.

Adam Boynton, senior EMEIA security manager at Apple management specialist Jamf, echoed this view and urged security managers not to be lulled into a false sense of complacency.

“Since the problem can cause service malfunctions or undermine the stability of the system, we strongly recommend updating to iOS 26.0.1 at the earliest convenience,” he said. “Organizations should ensure that fleet devices are kept up to date, ensure compliance with requirements and monitor the deployment status of OS updates.”

The update takes iOS 26 to version 26.0.1 and, as usual, users whose devices have not updated automatically can find it by going to their device's Settings, followed by General, Software Update, and then Download and Install.

CVE-2025-43400 is also fixed in iOS 18.7.1, iPadOS 26.0.1 and 18.7.1, macOS Sequoia 15.7.1, macOS Sonoma 14.8.1, macOS Tahoe 26.01.1 and visionOS 26.0.1.

Benign errors

Apple dropped iOS 26 on September 15, 2025, and, in addition to the security fix, the new update also addresses some more benign, although frustrating, bugs, including problems with Bluetooth, 5G and Wi-Fi connectivity on certain models, as well as problems with application icons and device cameras.
