← Back to CVEs
CVE-2023-41974
HIGHCISA KEV7.8
Description
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, iOS 15.8.7 and iPadOS 15.8.7. An app may be able to execute arbitrary code with kernel privileges.
CVE Details
CVSS v3.1 Score7.8
SeverityHIGH
CVSS VectorCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack VectorLOCAL
ComplexityLOW
Privileges RequiredNONE
User InteractionREQUIRED
Published1/10/2024
Last Modified3/12/2026
Sourcekev
Honeypot Sightings0
CISA KEV
VendorApple
ProductiOS and iPadOS
Vulnerability NameApple iOS and iPadOS Use-After-Free Vulnerability
KEV Date Added2026-03-05
Remediation Due Date2026-03-26
Ransomware UseUnknown
Affected Products
apple:ipadosapple:iphone_os
Weaknesses (CWE)
CWE-416CWE-416
References
https://support.apple.com/en-us/120949(product-security@apple.com)
https://support.apple.com/en-us/126632(product-security@apple.com)
https://support.apple.com/en-us/HT213938(af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/kb/HT213938(af854a3a-2127-422b-91ae-364da2661108)
https://cloud.google.com/blog/topics/threat-intelligence/coruna-powerful-ios-exploit-kit(134c704f-9b21-4f2e-91b3-4a467353bcc0)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41974(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.