⚠ Actively exploited
Added to CISA KEV on 2026-03-05. Federal agencies required to patch by 2026-03-26. Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CVE-2023-43000 — Use After Free in Apple iOS and iPadOS
Severity: 8.8 HIGH (NVD)
EPSS: 0.1% (top 81.34%)
CISA KEV: Added 2026-03-05, due 2026-03-26
Exploit: No known exploits
Timeline
Published: Nov 5
KEV added: Mar 5
Latest update: Mar 11
KEV due: Mar 26
Description
A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, Safari 16.6, iOS 15.8.7 and iPadOS 15.8.7. Processing maliciously crafted web content may lead to memory corruption.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9
Affected Packages: 7 packages
🔴 Vulnerability Details (4)
CVEList
GHSA
GHSA-96ff-3rwm-724g: A use-after-free issue was addressed with improved memory management (2025-11-05)
📋 Vendor Advisories (7)
Red Hat