CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Mar 26, 2026

CVE-2023-43000

High

EPSS 0.1%CISA KEV

Apple/Multiple Products

Description

Apple macOS, iOS, iPadOS, and Safari 16.6 contain a use-after-free vulnerability due to the processing of maliciously crafted web content that may lead to memory corruption.

EPSS — Exploit Probability

0.1%

Higher than 26.3% of all CVEs

Required Action

https://support.apple.com/en-us/120324 ; https://support.apple.com/en-us/120331 ; https://support.apple.com/en-us/120338 ; https://nvd.nist.gov/vuln/detail/CVE-2023-43000

CVE-2023-43000

Description

EPSS — Exploit Probability

Required Action

Related Articles (7)

CISA warns feds to patch iOS flaws exploited in crypto-theft attacks

Coruna iOS Exploit Kit Uses 23 Exploits Across Five Chains Targeting iOS 13–17.2.1

Apple Issues Security Updates for Older iOS Devices Targeted by Coruna WebKit Exploit

CISA Adds Five Known Exploited Vulnerabilities to Catalog

Apple Updates Legacy iOS Versions to Patch Coruna Exploits

Apple patches older iPhones and iPads against Coruna exploits

Apple Fixes WebKit Vulnerability Enabling Same-Origin Policy Bypass on iOS and macOS

Risk Assessment

Details

Timeline

Affected Product

External Links