CVE-2023-41974

HIGH KEV

Apple iPadOS < 17.0 - Use After Free

Title source: rule

Description

A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, iOS 15.8.7 and iPadOS 15.8.7. An app may be able to execute arbitrary code with kernel privileges.

Exploits (1)

vulncheck_xdb WORKING POC
local
https://github.com/Lrdsnow/PureKFD

Scores

CVSS v3 7.8
EPSS 0.0022
EPSS Percentile 44.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CISA KEV 2026-03-05
VulnCheck KEV 2026-03-03
ENISA EUVD EUVD-2023-46433
CWE CWE-416
Status published
Products (2)
apple/ipados < 17.0
apple/iphone_os < 17.0
Published Jan 10, 2024
KEV Added Mar 05, 2026
Tracked Since Feb 18, 2026