Primary

Context

Apple CoreGraphics and CoreText Vulnerability Allowing Memory Disclosure via Malicious Fonts

Vulnerability

Patched

A vulnerability exists in multiple Apple operating systems, including macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, and macOS Sonoma 14.7.5. This vulnerability arises from improper memory handling in the CoreGraphics and CoreText frameworks. When a maliciously crafted font is processed, it may lead to the unauthorized disclosure of process memory.

Impact

Exploitation of this vulnerability can result in the disclosure of process memory, potentially allowing for the extraction of sensitive information or the exploitation of other vulnerabilities that depend on memory access.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

2.5

exploitability

4.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

2.5

exploitability

4.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Apple CoreGraphics and CoreText Vulnerability Allowing Memory Disclosure via Malicious Fonts

Vulnerability

Impact

Affected Products

Apple macOS Ventura

Apple tvOS 18.4

Apple iPadOS 17.7.6

Apple iOS 18.4

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating