CVE-2023-41974

HIGH KEV

iPadOS < 17.0 - Use-After-Free

Title source: llm

Exploitation Summary

CVE-2023-41974 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added March 5, 2026. EIP tracks 1 public exploit.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2023-41974, leveraging a path traversal vulnerability in Apple's mobile backup system to achieve arbitrary file write and potential local privilege escalation (LPE) on iOS devices. The exploit uses the MobileBackup2 service to manipulate backup/restore operations for unauthorized file access.

Description

A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, iOS 15.8.7 and iPadOS 15.8.7. An app may be able to execute arbitrary code with kernel privileges.

Exploits (1)

vulncheck_xdb WORKING POC

local

https://github.com/Lrdsnow/PureKFD

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2023-41974, leveraging a path traversal vulnerability in Apple's mobile backup system to achieve arbitrary file write and potential local privilege escalation (LPE) on iOS devices. The exploit uses the MobileBackup2 service to manipulate backup/restore operations for unauthorized file access.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Apple iOS (MobileBackup2 service)

Auth required

Prerequisites: Physical access or USB connection to the target iOS device · Device in a state allowing backup/restore operations

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1548 - Abuse Elevation Control Mechanism

devstral-2 · analyzed Mar 04, 2026 Full analysis →

References (6)

Core 6

Core References

Various Sources

https://cloud.google.com/blog/topics/threat-intelligence/coruna-powerful-ios-exploit-kit

Third Party Advisory, US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41974

Vendor Advisory

https://support.apple.com/en-us/120949

Vendor Advisory

https://support.apple.com/en-us/126632

Release Notes, Vendor Advisory

https://support.apple.com/en-us/HT213938

Vendor Advisory

https://support.apple.com/kb/HT213938

Scores

CVSS v3 7.8

EPSS 0.0022

EPSS Percentile 44.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation active

Automatable no

Technical Impact total

Details

CISA KEV 2026-03-05

VulnCheck KEV 2026-03-03

ENISA EUVD EUVD-2023-46433

CWE

CWE-416

Status published

Products (2)

apple/ipados < 17.0

apple/iphone_os < 17.0

Published Jan 10, 2024

KEV Added Mar 05, 2026

Tracked Since Feb 18, 2026