⚠ Actively exploited

Added to CISA KEV on 2026-03-05. Federal agencies required to patch by 2026-03-26. Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable..

CVE-2023-41974 — Use After Free in Apple IOS AND Ipados

CWE-416 — Use After Free7 documents6 sources

Severity

7.8HIGHNVD

EPSS

0.2%

top 60.13%

CISA KEV

KEV

Added 2026-03-05

Due 2026-03-26

Exploit

No known exploits

Affected products

Apple IOS AND Ipados Apple Ipados Apple Iphone OS +2 more

Timeline

PublishedJan 10

KEV addedMar 5

Latest updateMar 12

KEV dueMar 26

CISA Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Description

A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, iOS 15.8.7 and iPadOS 15.8.7. An app may be able to execute arbitrary code with kernel privileges.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages5 packages

▶NVDapple/ipados16.0 — 17.0+1

▶CVEListV5apple/ios_and_ipadosunspecified — 17+1

▶Appleapple/ios_17_and_ipados17

▶Appleapple/ios_15.8.7_and_ipados15.8.7

▶NVDapple/iphone_os16.0 — 17.0+1

🔴Vulnerability Details

GHSA

GHSA-58c3-hjfx-2gmq: A use-after-free issue was addressed with improved memory management↗2024-01-11

▶

VulnCheck

Apple iOS and iPadOS Use-After-Free Vulnerability↗2023

▶

📋Vendor Advisories

Apple

CVE-2023-41974: iOS 15.8.7 and iPadOS 15.8.7↗2026-03-11

▶

CISA

Apple iOS and iPadOS Use-After-Free Vulnerability↗2026-03-05

▶

Apple

CVE-2023-41974: iOS 17 and iPadOS 17↗2023-09-18

▶

🕵️Threat Intelligence

Bleepingcomputer

Apple patches older iPhones and iPads against Coruna exploits↗2026-03-12

▶