苹果发布iOS 26.0.1等更新修复安全漏洞,影响多个操作系统版本及旧版系统。该漏洞涉及字体解析器,可能导致应用终止或内存损坏,尚未被利用。 2025-9-29 20:28:54 Author: isc.sans.edu(查看原文) 阅读量:9 收藏
It is typical for Apple to release a ".0.1" update soon after releasing a major new operating system. These updates typically fix various functional issues, but this time, they also fix a security vulnerability. The security vulnerability not only affects the "26" releases of iOS and macOS, but also older versions. Apple released fixes for iOS 18 and 26, as well as for macOS back to Sonoma (14). Apple also released updates for WatchOS and tvOS, but these updates do not address any security issues. For visionOS, updates were only released for visionOS 26.
The vulnerability affects the Font Parser. A malicious font may lead to app termination or corrupt process memory. It is not clear if this is exploitable for remote code execution. The vulnerability has not been exploited so far.
For consistency, I am including our usual Apple Patch Table.
| iOS 26.0.1 and iPadOS 26.0.1 | iOS 18.7.1 and iPadOS 18.7.1 | macOS Tahoe 26.0.1 | macOS Sequoia 15.7.1 | macOS Sonoma 14.8.1 | visionOS 26.0.1 |
|---|---|---|---|---|---|
| CVE-2025-43400: Processing a maliciously crafted font may lead to unexpected app termination or corrupt process memory. Affects FontParser |
|||||
| x | x | x | x | x | x |
--
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu
Twitter|
如有侵权请联系:admin#unsafe.sh