The flaw is an out‑of‑bounds write in the font parsing component of Apple operating systems. When a maliciously crafted font file is processed, the insufficient bounds checking allows a write beyond the allocated buffer, which can lead to application termination or corruption of process memory. The vulnerability is classified as CWE-787 and can cause denial‑of‑service via crash or memory damage.

The vulnerability affects Apple operating systems that have not been updated to the fixed releases. It exists in earlier versions of iOS, iPadOS, macOS, tvOS, visionOS, and watchOS prior to the enhancements in iOS 18.7.1 or 26.0.1, iPadOS 18.7.1 or 26.0.1, macOS Sequoia 15.7.1, macOS Sonoma 14.8.1, macOS Tahoe 26.0.1, tvOS 26.1, visionOS 26.0.1, and watchOS 26.1. Devices running those older versions could be impacted by loading a malicious font file.

The CVSS score of 6.3 indicates moderate severity, while an EPSS score of 6% signals that the risk of exploitation is currently moderate but not negligible. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is local: an attacker would need to supply a crafted font file that an application processes, such as within a document or web page that triggers font rendering. Devices running earlier, unpatched OS versions remain at risk. Successful exploitation would result in application crash or memory corruption.