- Description
- A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, iOS 15.8.7 and iPadOS 15.8.7. An app may be able to execute arbitrary code with kernel privileges.
- Source
- product-security@apple.com
- NVD status
- Analyzed
- Products
- ipados, iphone_os
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- Apple iOS and iPadOS Use-After-Free Vulnerability
- Exploit added on
- Mar 5, 2026
- Exploit action due
- Mar 26, 2026
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Hype score
- Not currently trending
The Coruna iOS exploit kit combines WebKit vulnerabilities with kernel exploits to achieve full device compromise. Attackers chain CVE-2023-41974 and CVE-2021-30952 for zero-click attacks via iMessage, then move laterally within devices to exfiltrate financial data and personal
@aviatrixtrc
27 Mar 2026
62 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
🚨 BREAKING: CISA adds FIVE new vulnerabilities to its Known Exploited Vulnerabilities Catalog! 🚨 🔍 CVE-2017-7921: Hikvision Improper Authentication 🔍 CVE-2021-22681: Rockwell Insufficient Protected Credentials 🔍 CVE-2021-30952: Apple Integer Overflow 🔍 CVE-2023
@NewsNerdie
17 Mar 2026
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ CVE-2023-41974: Vulnerabilidad Use-After-Free en iOS y iPadOS de Apple Explotada Análisis técnico de CVE-2023-41974, una vulnerabilidad crítica en iOS y iPadOS que permite ejecución de código con privilegios de kernel. Impacto, mitigaciones https://t.co/a2p3X9wSpI
@CiberPlanetaOrg
16 Mar 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ Alerta de Seguridad: Vulnerabilidad de Use-After-Free en Apple iOS y iPadOS (CVE-2023-41974) Vulnerabilidad de use-after-free (CWE-416) en Apple iOS y iPadOS permite a una app ejecutar código arbitrario con privilegios de kernel. Severidad alta (CVSS 7.8). Aplicar parche
@CiberPlanetaOrg
16 Mar 2026
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA KEV 警告 26/03/05:Apple macOS/iOS などにおける複数の脆弱性を登録 https://t.co/F6dGaEVrJp Apple の製品群で発見された深刻な脆弱性は、主にメモリ管理と計算処理の不備に起因するものです。具体的には、CVE-2023-430
@iototsecnews
16 Mar 2026
132 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Apple patches Coruna exploit in iOS 15.8.7 and iPadOS 15.8.7, fixing kernel and WebKit flaws on older devices, reports Marcus Mendes for 9to5mac. Includes CVE-2023-41974 and others, addressing use-after-free and type confusion from 2023 fixes. Source: https://t.co/vPyGmdRu1f htt
@LLMTalksTech
15 Mar 2026
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
"patched .. underlying vulnerabilities in iOS updates .. over .. 2 years .. fixes for users who cannot update ..latest version. Specifically, iOS and iPadOS 15.8.7 patch 4 vulnerabilities: CVE-2023-41974, CVE-2024-23222, CVE-2023-43000, and CVE-2023-43010" https://t.co/xrdMU89
@christinayiotis
14 Mar 2026
124 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Apple patches Coruna exploit in iOS 15.8.7 and iPadOS 15.8.7, addressing kernel and WebKit flaws on older devices, reports Marcus Mendes for 9to5mac. CVE-2023-41974 targets memory issues on iPhone 6s and similar models. Source: https://t.co/vPyGmdRu1f https://t.co/hiwBlGft8M
@LLMTalksTech
13 Mar 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Apple has released security patches for older iPhones and iPads to fix kernel and WebKit vulnerabilities exploited by the Coruna exploit kit, addressing multiple CVEs including CVE-2023-41974 and CVE-2024-23222. #Coruna #ExploitPatch #USA https://t.co/9zTv70oc6r
@TweetThreatNews
12 Mar 2026
215 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CISAがCoruna関連のiOS 脆弱性 3件をKEV追加 iOS 13〜17.2.1を狙う23件の攻撃キット対応(CVE-2023-41974,CVE-2021-30952,CVE-2023-43000) https://t.co/bR3T4UgulA #セキュリティ対策Lab #セキュリティ #Security #CybersecurityNews
@securityLab_jp
11 Mar 2026
104 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2021-30952, CVE-2023-41974, CVE-2023-43000: iOS exploits from 2021 still working in 2026. Coruna kit passed hands: US surveillance → state actors → Chinese criminals. Zero-day recycling market is real. Update your iPhones. Please.
@CisoRaging77913
9 Mar 2026
61 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CISA ordered U.S. federal agencies to patch three iOS security flaws targeted in cyberespionage and crypto-theft attacks using the Coruna exploit kit. <<<IMPORTANT>>> ⚡️ CVE-2021-30952, CVE-2023-41974, CVE-2023-43000 added to CISA KEV catalog ⚡️ Co
@xkzdb
6 Mar 2026
95 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Atenção usuários de Apple! A vulnerabilidade CVE-2023-41974 em iOS e iPadOS permite execução de código arbitrário com privilégios de kernel. Aplique as mitigações recomendadas ou descontinue o uso do produto. Mantenha sua segurança em dia! #CyberSecurity #InfoSec
@fernandokarl
6 Mar 2026
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Cisco Catalyst SD-WANの脆弱性、さらに2件の悪用が明らかに:CVE-2026-20128、CVE-2026-20122 ⚠️米CISA、Apple製品の古い脆弱性3件をKEVカタログに追加(CVE-2023-43000、CVE-2021-30952、CVE-2023-41974) 〜サイバーアラート3月6日
@MachinaRecord
6 Mar 2026
189 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
米国サイバーセキュリティ・社会基盤安全保障庁(CISA)が既知の悪用された脆弱性カタログに5件の脆弱性を追加。ハイクビジョンのCVE-2017-7921、Rockwell Automation製品のCVE-2021-22681、Apple製品のCVE-2021-30952、CVE-2023-4197
@__kokumoto
5 Mar 2026
822 Impressions
0 Retweets
2 Likes
1 Bookmark
1 Reply
0 Quotes
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2023-41974 #Apple iOS and iPadOS Use-After-Free Vulnerability https://t.co/mZeu8CkI2f
@ScyScan
5 Mar 2026
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE Alert: CVE-2023-41974 - Apple - iOS and iPadOS - https://t.co/Ck8ZBVSCQ7 #OSINT #ThreatIntel #CyberSecurity #cve-2023-41974 #apple #ios-and-ipados
@RedPacketSec
5 Mar 2026
130 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Finally got an iPhone. Long live CVE-2023-41974 "landa", long live Dopamine, long live Wozniak! https://t.co/BtVYGhUb7K
@sayako_8964
16 Apr 2025
109 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1E574928-4E49-45B0-AE6E-DF4D38897F67",
"versionEndExcluding": "15.8.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"matchCriteriaId": "96A83F37-8992-449C-BD92-5BF28788CB6E",
"versionEndExcluding": "17.0",
"versionStartIncluding": "16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D1E9DC1A-618A-4CAF-96C7-EC5BA2C1F617",
"versionEndExcluding": "15.8.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "95DD2B66-EF25-4E37-94CE-8324CF4A40AB",
"versionEndExcluding": "17.0",
"versionStartIncluding": "16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]