Fixed Intel

CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Mar 26, 2026

CVE-2023-41974

High
EPSS 0.7%CISA KEV
Apple/iOS and iPadOS

Description

Apple iOS and iPadOS contain a use-after-free vulnerability. An app may be able to execute arbitrary code with kernel privileges.

EPSS — Exploit Probability

0.7%

Higher than 71.8% of all CVEs

Required Action

https://support.apple.com/en-us/HT213938 ; https://support.apple.com/kb/HT213938 ; https://nvd.nist.gov/vuln/detail/CVE-2023-41974

Related Articles (7)

Malware & Threats

CISA warns feds to patch iOS flaws exploited in crypto-theft attacks

CISA ordered U.S. federal agencies to patch three iOS security flaws targeted in cyberespionage and crypto-theft attacks using the Coruna exploit kit.

Mar 6, 2026

Industry News

Coruna iOS Exploit Kit Uses 23 Exploits Across Five Chains Targeting iOS 13–17.2.1

Google uncovered Coruna iOS exploit kit with 23 exploits across five chains targeting iPhones running iOS 13–17.2.1.

Mar 4, 2026

Industry News

Apple Issues Security Updates for Older iOS Devices Targeted by Coruna WebKit Exploit

Apple backports CVE-2023-43010 WebKit fix after Coruna exploit kit abused iOS flaws, protecting older iPhones and iPads from memory corruption attacks

Mar 12, 2026

Vulnerabilities

CISA Adds Five Known Exploited Vulnerabilities to Catalog

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

Mar 5, 2026

Industry News

Apple Updates Legacy iOS Versions to Patch Coruna Exploits

The company has released iOS and iPadOS versions 16.7.15 and 15.8.7 to patch the vulnerabilities.

Mar 12, 2026

Malware & Threats

Apple patches older iPhones and iPads against Coruna exploits

​Apple has released security updates to patch older iPhones and iPads against a set of vulnerabilities targeted in cyberespionage and crypto-theft attacks using the Coruna exploit kit.

Mar 12, 2026

Industry News

Apple Fixes WebKit Vulnerability Enabling Same-Origin Policy Bypass on iOS and macOS

Apple fixes WebKit CVE-2026-20643 in iOS 26.3.1, macOS 26.3.2 using background patches, reducing exploit risk.

Mar 18, 2026

Risk Assessment

ELEVATED
In CISA KEV

Details

Severity
High
EPSS
0.7%
CISA KEV
Yes
Ransomware
Unknown
Articles
7

Timeline

Published

Mar 5, 2026

Added to KEV

Mar 5, 2026

Remediation Due

Mar 26, 2026

Affected Product

Apple

iOS and iPadOS

View all Apple CVEs

External Links

NVD (NIST)CVE DetailsMITRE CVE