CVE-2023-41974 | THREATINT

Description

A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, iOS 15.8.7 and iPadOS 15.8.7. An app may be able to execute arbitrary code with kernel privileges.

PUBLISHED Reserved 2023-09-06 | Published 2024-01-10 | Updated 2026-03-12 | Assigner apple

CISA Known Exploited Vulnerability

Date added 2026-03-05 | Due date 2026-03-26

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Problem types

An app may be able to execute arbitrary code with kernel privileges

Product status

Any version before 17

affected

Any version before 15.8.7

affected

References

support.apple.com/en-us/HT213938

support.apple.com/kb/HT213938

cloud.google.com/...lligence/coruna-powerful-ios-exploit-kit third-party-advisory

www.cisa.gov/...erabilities-catalog?field_cve=CVE-2023-41974 government-resource

support.apple.com/en-us/120949

support.apple.com/en-us/126632

cve.org (CVE-2023-41974)

nvd.nist.gov (CVE-2023-41974)

Download JSON