Fixed Intel

CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Aug 16, 2023

CVE-2023-38606

High
EPSS 0.1%CISA KEV
Apple/Multiple Products

Description

Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability allowing an app to modify a sensitive kernel state.

EPSS — Exploit Probability

0.1%

Higher than 28.8% of all CVEs

Required Action

https://support.apple.com/en-us/HT213841, https://support.apple.com/en-us/HT213842, https://support.apple.com/en-us/HT213843,https://support.apple.com/en-us/HT213844,https://support.apple.com/en-us/HT213845,https://support.apple.com/en-us/HT213846,https://support.apple.com/en-us/HT213848 ; https://nvd.nist.gov/vuln/detail/CVE-2023-38606

Related Articles (5)

Industry News

Coruna iOS Exploit Kit Uses 23 Exploits Across Five Chains Targeting iOS 13–17.2.1

Google uncovered Coruna iOS exploit kit with 23 exploits across five chains targeting iPhones running iOS 13–17.2.1.

Mar 4, 2026

Industry News

Apple Issues Security Updates for Older iOS Devices Targeted by Coruna WebKit Exploit

Apple backports CVE-2023-43010 WebKit fix after Coruna exploit kit abused iOS flaws, protecting older iPhones and iPads from memory corruption attacks

Mar 12, 2026

Malware & Threats

Coruna iOS exploit framework linked to Triangulation attacks

The Coruna exploit kit is an evolution of the framework used in the Operation Triangulation espionage campaign, which in 2023 targeted iPhones via zero-click iMessage exploits.

Mar 26, 2026

Industry News

Coruna iOS Exploit Kit Likely an Update to Operation Triangulation

Coruna contains the updated version of a kernel exploit used in Operation Triangulation three years ago.

Mar 27, 2026

Industry News

Coruna iOS Kit Reuses 2023 Triangulation Exploit Code in New Mass Attacks

Coruna reuses Triangulation kernel exploits targeting iOS 13–17.2.1 devices, expanding attacks into mass exploitation campaigns.

Mar 26, 2026

Risk Assessment

ELEVATED
In CISA KEV

Details

Severity
High
EPSS
0.1%
CISA KEV
Yes
Ransomware
Unknown
Articles
5

Timeline

Published

Jul 26, 2023

Added to KEV

Jul 26, 2023

Remediation Due

Aug 16, 2023

Affected Product

Apple

Multiple Products

View all Apple CVEs

External Links

NVD (NIST)CVE DetailsMITRE CVE