CVE-2023-41974
Apple iOS and iPadOS Use-After-Free Vulnerability - [Actively Exploited]
Description
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, iOS 15.8.7 and iPadOS 15.8.7. An app may be able to execute arbitrary code with kernel privileges.
INFO
Published Date :
Jan. 10, 2024, 10:15 p.m.
Last Modified :
March 12, 2026, 1:25 p.m.
Remotely Exploit :
No
Source :
[email protected]
CISA KEV (Known Exploited Vulnerabilities)
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.
Apple iOS and iPadOS contain a use-after-free vulnerability. An app may be able to execute arbitrary code with kernel privileges.
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Unknown
https://support.apple.com/en-us/HT213938 ; https://support.apple.com/kb/HT213938 ; https://nvd.nist.gov/vuln/detail/CVE-2023-41974
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| CVSS 3.1 | HIGH | [email protected] | ||||
| CVSS 3.1 | HIGH | 134c704f-9b21-4f2e-91b3-4a467353bcc0 |
Solution
- Upgrade to Apple iOS version 17 or later
Public PoC/Exploit Available at Github
CVE-2023-41974 has a 12 public
PoC/Exploit available at Github.
Go to the Public Exploits tab to see the list.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2023-41974.
| URL | Resource |
|---|---|
| https://support.apple.com/en-us/120949 | Release Notes Vendor Advisory |
| https://support.apple.com/en-us/126632 | Release Notes Vendor Advisory |
| https://support.apple.com/en-us/HT213938 | Release Notes Vendor Advisory |
| https://support.apple.com/kb/HT213938 | Release Notes Vendor Advisory |
| https://cloud.google.com/blog/topics/threat-intelligence/coruna-powerful-ios-exploit-kit | Exploit Third Party Advisory |
| https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41974 | US Government Resource |
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2023-41974 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2023-41974
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
A Complete Technical Teardown of a State-Grade iOS/macOS Watering-Hole Exploit Chain
None
Python
PureKFD v5 Revamped (An exploit based Jailed Package Manager for iOS 14.0-16.6.1)
C Objective-C Swift
None
None
PureKFD linux testing
Swift Python
None
iOS kernel exploit for iOS 14 and 15
C Swift Objective-C
None
None
An exploit based Jailed Package Manager for iOS 15.0-18.0/18.1b4
Swift C Objective-C Shell Python
kfd, short for kernel file descriptor, is a project to read and write kernel memory on Apple devices.
Makefile Swift C
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2023-41974 vulnerability anywhere in the article.
-
CybersecurityNews
Apple Released Emergency Updates for iOS 15.8.7 to Thwart ‘Coruna’ Exploit Kit
Apple Released Emergency Updates iOS 15.8.7 Apple has rolled out an emergency security update, iOS 15.8.7 and iPadOS 15.8.7, to protect older devices from a severe threat known as the ‘Coruna’ exploit ... Read more
-
Daily CyberSecurity
Legacy Under Siege: Apple Pushes Emergency iOS 15.8.7 Update to Thwart ‘Coruna’ Exploit Kit
In a major move to protect users of older hardware, Apple has released critical security updates for iOS 15.8.7 and iPadOS 15.8.7. This emergency response follows a stark warning from Google regarding ... Read more
-
TheCyberThrone
Apple Patches Coruna Exploit Kit — Older iOS/iPadOS Devices
March 13, 2026What is Coruna?Researchers from Google and iVerify disclosed in early March 2026 a sophisticated exploit kit dubbed Coruna, described as “nation-state grade,” enabling mass exploitation ... Read more
-
The Hacker News
Apple Issues Security Updates for Older iOS Devices Targeted by Coruna WebKit Exploit
Apple on Wednesday backported fixes for a security flaw in iOS, iPadOS, and macOS Sonoma to older versions after it was found to be used as part of the Coruna exploit kit. The vulnerability, tracked a ... Read more
-
security.nl
Apple beschermt oude iPhones tegen actief aangevallen kwetsbaarheid
Apple heeft beveiligingsupdates uitgebracht om oude iPhones en iPads tegen actief aangevallen kwetsbaarheden te beschermen. Onlangs werd bekend dat aanvallers de beveiligingslekken, waarvoor Apple al ... Read more
-
CybersecurityNews
CISA Warns of macOS and iOS Vulnerabilities Exploited in Attacks
CISA Warns macOS and iOS Vulnerabilities Exploit The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert regarding multiple Apple vulnerabilities currently facing activ ... Read more
-
Ars Technica
Feds take notice of iOS vulnerabilities exploited under mysterious circumstances
Coruna is also notable for its use by three distinct hacking groups. Google first detected its use in February of last year in an operation conducted by a “customer of a surveillance vendor.” The vuln ... Read more
-
TheCyberThrone
CISA Adds Five Flaws to Its KEV Catalog
March 6, 2026Federal agencies face a three-week deadline to remediate a set of vulnerabilities spanning consumer devices, industrial controllers, and surveillance cameras — all confirmed to be activel ... Read more
-
Daily CyberSecurity
Coruna: The High-Powered iOS Exploit Kit Proliferating Across the Global Threat Landscape
Coruna iOS exploit kit timeline The Google Threat Intelligence Group (GTIG) has detailed the curtain on “Coruna,” a formidable iOS exploit kit that has transitioned from the hands of commercial survei ... Read more
-
The Hacker News
Coruna iOS Exploit Kit Uses 23 Exploits Across Five Chains Targeting iOS 13–17.2.1
Google said it identified a "new and powerful" exploit kit dubbed Coruna (aka CryptoWaters) targeting Apple iPhone models running iOS versions between 13.0 and 17.2.1. The exploit kit featured five fu ... Read more
-
Google Cloud
Coruna: The Mysterious Journey of a Powerful iOS Exploit Kit
Introduction Google Threat Intelligence Group (GTIG) has identified a new and powerful exploit kit targeting Apple iPhone models running iOS version 13.0 (released in September 2019) up to version 17. ... Read more
The following table lists the changes that have been made to the
CVE-2023-41974 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
Modified Analysis by [email protected]
Mar. 12, 2026
Action Type Old Value New Value Changed CPE Configuration OR *cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* versions up to (excluding) 17.0 *cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* versions up to (excluding) 17.0 OR *cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* versions up to (excluding) 15.8.7 *cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* versions from (including) 16.0 up to (excluding) 17.0 *cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* versions up to (excluding) 15.8.7 *cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* versions from (including) 16.0 up to (excluding) 17.0 Added Reference Type Apple Inc.: https://support.apple.com/en-us/120949 Types: Release Notes, Vendor Advisory Added Reference Type Apple Inc.: https://support.apple.com/en-us/126632 Types: Release Notes, Vendor Advisory -
CVE Modified by [email protected]
Mar. 12, 2026
Action Type Old Value New Value Changed Description A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges. A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, iOS 15.8.7 and iPadOS 15.8.7. An app may be able to execute arbitrary code with kernel privileges. Added Reference https://support.apple.com/en-us/120949 Added Reference https://support.apple.com/en-us/126632 Removed Reference https://support.apple.com/en-us/HT213938 Removed Reference Type https://support.apple.com/en-us/HT213938 Types: Release Notes, Vendor Advisory -
Modified Analysis by [email protected]
Mar. 06, 2026
Action Type Old Value New Value Added Reference Type CISA-ADP: https://cloud.google.com/blog/topics/threat-intelligence/coruna-powerful-ios-exploit-kit Types: Exploit, Third Party Advisory Added Reference Type CISA-ADP: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41974 Types: US Government Resource Added Reference Type CVE: https://support.apple.com/kb/HT213938 Types: Release Notes, Vendor Advisory -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Mar. 05, 2026
Action Type Old Value New Value Added Reference https://cloud.google.com/blog/topics/threat-intelligence/coruna-powerful-ios-exploit-kit Added Reference https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41974 -
CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725
Mar. 05, 2026
Action Type Old Value New Value Added Date Added 2026-03-05 Added Due Date 2026-03-26 Added Vulnerability Name Apple iOS and iPadOS Use-After-Free Vulnerability Added Required Action Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. -
CVE Modified by af854a3a-2127-422b-91ae-364da2661108
Nov. 04, 2025
Action Type Old Value New Value Added Reference https://support.apple.com/kb/HT213938 -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Jun. 20, 2025
Action Type Old Value New Value Added CVSS V3.1 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Added CWE CWE-416 -
CVE Modified by af854a3a-2127-422b-91ae-364da2661108
Nov. 21, 2024
Action Type Old Value New Value Added Reference https://support.apple.com/en-us/HT213938 -
CVE Modified by [email protected]
May. 14, 2024
Action Type Old Value New Value -
Initial Analysis by [email protected]
Jan. 17, 2024
Action Type Old Value New Value Added CVSS V3.1 NIST AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Changed Reference Type https://support.apple.com/en-us/HT213938 No Types Assigned https://support.apple.com/en-us/HT213938 Release Notes, Vendor Advisory Added CWE NIST CWE-416 Added CPE Configuration OR *cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* versions up to (excluding) 17.0 *cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* versions up to (excluding) 17.0 -
CVE Received by [email protected]
Jan. 10, 2024
Action Type Old Value New Value Added Description A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges. Added Reference Apple Inc. https://support.apple.com/en-us/HT213938 [No types assigned]