Apple has released important security updates to address a critical vulnerability in FontParser—the part of MacOS/iOS/iPadOS that processes fonts.
Identified as CVE-2025-43400, the flaw was discovered internally by Apple and allows an attacker to craft a malicious font that can cause apps to crash or corrupt process memory, potentially leading to arbitrary code execution. While Apple hasn’t said it’s being actively exploited, similar bugs have been used in jailbreaks and spyware attacks in the past, so it’s smart to patch it promptly.
Read more…
Source: Malwarebytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Banking Apps Found Vulnerable to MITM Attacks
December 7, 2017
Leading US and UK-based banks have patched a flaw found in their Android and iOS mobile apps that allowed adversaries to conduct man-in-the-middle attacks to steal customer credentials and view and manipulate network traffic. According to researchers at the School of Computer Science at the University of Birmingham that found the flaw, the vulnerability impacted nine apps belonging ...
- RSA coughs to critical-rated bug in its authentication SDK
December 3, 2017
RSA developers and admins have been given two critical-level authentication bugs to patch. For the sysadmin, the issue struck RSA’s software providing Web-based authentication for Apache. CVE-2017-14377 is an authentication bypass that existed because of an “input validation flaw in RSA Authentication Agent for Web for Apache Web Server”. If the authentication agent is configured to use UDP there’s ...
- MacOS security flaw grants admin access to anyone
November 28, 2017
Apple, Apple, Apple. What are we going to do with you? In your most recent High Sierra macOS release, it turns out you’ve given a way for any local user to take over a Mac — lock, stock, and two smoking barrels. This exploit doesn’t require any mad NSA-type hacker skillz. All you have to do is go ...
- HP patches severe code execution bug in enterprise printers
November 23, 2017
HP has issued firmware patches to fix a security flaw which allowed attackers to perform remote code execution attacks on enterprise-grade printers. FoxGlove Security researchers issued an advisory disclosing the technical details of the bug, CVE-2017-2750, earlier this week. The team tested out HP’s PageWide Enterprise Color MFP 586 and the HP Color LaserJet Enterprise M553 models, and found they ...
- Oracle Issues Emergency Patches for ‘JoltandBleed’ Vulnerabilities
November 16, 2017
Oracle pushed out an emergency update for vulnerabilities affecting several of its products that rely on its proprietary Jolt protocol. The bugs were discovered by researchers at ERPScan who named the series of five vulnerabilities JoltandBleed. The vulnerabilities are severe, with two of the bugs scoring 9.9 and 10 on the CVSS scale. Products affected include Oracle PeopleSoft ...
- Bluetooth Hack Affects 20 Million Amazon Echo and Google Home Devices
November 15, 2017
Remember BlueBorne? A series of recently disclosed critical Bluetooth flaws that affect billions of Android, iOS, Windows and Linux devices have now been discovered in millions of AI-based voice-activated personal assistants, including Google Home and Amazon Echo. As estimated during the discovery of this devastating threat, several IoT and smart devices whose operating systems are often updated less frequently than smartphones and ...