[CIVN-2025-0234] Denial of Service Vulnerability in Apple Products
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: MEDIUM
Software Affected
Apple iOS / iPadOS versions prior to 18.7.1
Apple iOS / iPadOS versions prior to 26.0.1
Apple macOS Tahoe versions prior to 26.0.1
Apple macOS Sequoia versions prior to 15.7.1
Apple macOS Sonoma versions prior to 14.8.1
Apple visionOS versions prior to 26.0.1
Overview
A vulnerability has been reported in Apple products, which could be exploited by an attacker to cause denial of service conditions or corrupt process memory on the targeted system.
Target Audience:
All end-user organizations and individuals using Apple products.
Risk Assessment:
Medium risk of denial of service and data manipulation.
Impact Assessment:
Potential for application crashes, process instability, and service unavailability.
Description
This vulnerability exists in the FontParser component of Apple products due to an out-of-bounds write issue. A remote attacker could trigger the flaw by supplying a maliciously crafted font or by causing the system to process one.
Successful exploitation of this vulnerability could cause denial of service conditions on the targeted system.
Solution
Apply appropriate updates as mentioned by the vendor:
https://support.apple.com/en-us/125326
https://support.apple.com/en-us/125327
https://support.apple.com/en-us/125328
https://support.apple.com/en-us/125329
https://support.apple.com/en-us/125330
https://support.apple.com/en-us/125338
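One way to check a device inventory against the fixed versions listed under Software Affected. This is an added example, not code from CERT-In or Apple; the inventory rows are constructed sample data, and the "review" outcome for major releases the advisory does not list is an assumption of this example.

```python
# Fixed-version thresholds copied from the advisory's "Software Affected" list.
FIXED = {
    "ios": [(18, 7, 1), (26, 0, 1)],                # iOS / iPadOS
    "macos": [(14, 8, 1), (15, 7, 1), (26, 0, 1)],  # Sonoma, Sequoia, Tahoe
    "visionos": [(26, 0, 1)],
}
ALIASES = {"ipados": "ios"}  # the advisory lists iOS and iPadOS together

# Constructed sample inventory rows: (host, product, version).
INVENTORY = [
    ("ipad-lab-01", "iPadOS", "18.7"),
    ("iphone-exec-02", "iOS", "26.0.1"),
    ("mbp-dev-03", "macOS", "26.0"),
    ("mini-build-05", "macOS", "13.7.8"),
]


def parse_version(text):
    """'18.7' -> (18, 7, 0): pad to three numeric components."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def status(product, version):
    """Return 'affected', 'patched', 'review' or 'unknown-product'."""
    key = product.strip().lower()
    fixes = FIXED.get(ALIASES.get(key, key))
    if fixes is None:
        return "unknown-product"
    v = parse_version(version)
    # Compare only against the fix for the device's own major release:
    # 26.0 is newer than 18.7.1 yet still predates its own fix, 26.0.1.
    for fix in fixes:
        if fix[0] == v[0]:
            return "affected" if v < fix else "patched"
    # No fix is listed for this major release (assumption: flag it for
    # manual review rather than guess from another release's threshold).
    return "review"


def needs_attention(inventory):
    """Hosts that are not confirmed patched, with the reason."""
    rows = [(host, status(prod, ver)) for host, prod, ver in inventory]
    return [(host, s) for host, s in rows if s != "patched"]


if __name__ == "__main__":
    for host, reason in needs_attention(INVENTORY):
        print(f"{host}: {reason}")
```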
Vendor Information
Apple
https://support.apple.com/en-us/125326
https://support.apple.com/en-us/125327
https://support.apple.com/en-us/125328
https://support.apple.com/en-us/125329
https://support.apple.com/en-us/125330
https://support.apple.com/en-us/125338
CVE Name
CVE-2025-43400
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax: 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003