Apple has released important security updates to address a critical vulnerability in FontParser—the part of MacOS/iOS/iPadOS that processes fonts.
Identified as CVE-2025-43400, the flaw was discovered internally by Apple and allows an attacker to craft a malicious font that can cause apps to crash or corrupt process memory, potentially leading to arbitrary code execution. While Apple hasn’t said it’s being actively exploited, similar bugs have been used in jailbreaks and spyware attacks in the past, so it’s smart to patch it promptly.
Read more…
Source: Malwarebytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- 17-Year-Old MS Office Flaw Lets Hackers Install Malware Without User Interaction
November 14, 2017
You should be extra careful when opening files in MS Office. When the world is still dealing with the threat of ‘unpatched’ Microsoft Office’s built-in DDE feature, researchers have uncovered a serious issue with another Office component that could allow attackers to remotely install malware on targeted computers. The vulnerability is a memory-corruption issue that resides in all ...
- Apple iPhone X’s Face ID Hacked (Unlocked) Using 3D-Printed Mask
November 13, 2017
Just a week after Apple released its brand new iPhone X on November 3, a team of hackers has claimed to successfully hack Apple’s Face ID facial recognition technology with a mask that costs less than $150. Yes, Apple’s “ultra-secure” Face ID security for the iPhone X is not as secure as the company claimed during ...
- Experts working with Homeland Security hacked into Boeing 757
November 10, 2017
There’s some unsettling news about one of America’s most widely-used jetliners. In a test, experts working with Homeland Security hacked into a Boeing 757. The team of researchers needed only two days in September 2016 to remotely hack into a 757 parked at the airport in Atlantic City, New Jersey. Speaking at a conference this week, Robert Hickey of ...
- Intel’s management engine – in most CPUs since 2008 – can be p0wned over USB
November 9, 2017
Positive Technologies, which in September said it has a way to attack the Intel Management Engine, has dropped more details on how its exploit works. The firm has already promised to demonstrate God-mode hack in December 2017, saying the bug “allows an attacker of the machine to run unsigned code in the Platform Controller Hub on any motherboard”. For ...
- Evil pixels: researcher demos data-theft over screen-share protocols
November 9, 2017
It’s the kind of thinking you expect from someone who lives in a volcano lair: exfiltrating data from remote screen pixel values. The idea comes from Pen Test Partners’ Alan Monie, taking a break from sex toy hacks and wondering how to get data over a connection like RDP (remote desktop protocol) when the target had blocked file transfer ...
- Russian ‘Fancy Bear’ Hackers Using (Unpatched) Microsoft Office DDE Exploit
November 8, 2017
Cybercriminals, including state-sponsored hackers, have started actively exploiting a newly discovered Microsoft Office vulnerability that Microsoft does not consider as a security issue and has already denied to patch it. Last month, we reported how hackers could leverage a built-in feature of Microsoft Office feature, called Dynamic Data Exchange (DDE), to perform code execution on the targeted device ...