CVE-2023-41974

A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, iOS 15.8.7 and iPadOS 15.8.7. An app may be able to execute arbitrary code with kernel privileges.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://support.apple.com/en-us/120949	Release Notes Vendor Advisory
https://support.apple.com/en-us/126632	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT213938	Release Notes Vendor Advisory
https://support.apple.com/kb/HT213938	Release Notes Vendor Advisory
https://cloud.google.com/blog/topics/threat-intelligence/coruna-powerful-ios-exploit-kit	Exploit Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41974	US Government Resource

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:iphone_os::::::::

History

12 Mar 2026, 13:25

Type	Values Removed	Values Added
References	~~() https://support.apple.com/en-us/120949 -~~	() https://support.apple.com/en-us/120949 - Release Notes, Vendor Advisory
References	~~() https://support.apple.com/en-us/126632 -~~	() https://support.apple.com/en-us/126632 - Release Notes, Vendor Advisory

12 Mar 2026, 01:15

Type	Values Removed	Values Added
References		() https://support.apple.com/en-us/120949 - () https://support.apple.com/en-us/126632 -
Summary	~~(en) A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges.~~	(en) A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, iOS 15.8.7 and iPadOS 15.8.7. An app may be able to execute arbitrary code with kernel privileges.

06 Mar 2026, 13:44

Type	Values Removed	Values Added
References	~~() https://support.apple.com/kb/HT213938 -~~	() https://support.apple.com/kb/HT213938 - Release Notes, Vendor Advisory
References	~~() https://cloud.google.com/blog/topics/threat-intelligence/coruna-powerful-ios-exploit-kit -~~	() https://cloud.google.com/blog/topics/threat-intelligence/coruna-powerful-ios-exploit-kit - Exploit, Third Party Advisory
References	~~() https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41974 -~~	() https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41974 - US Government Resource

05 Mar 2026, 20:16

Type	Values Removed	Values Added
References		() https://cloud.google.com/blog/topics/threat-intelligence/coruna-powerful-ios-exploit-kit - () https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41974 -

04 Nov 2025, 20:16

Type	Values Removed	Values Added
References		() https://support.apple.com/kb/HT213938 -

21 Nov 2024, 08:22

Type	Values Removed	Values Added
References	~~() https://support.apple.com/en-us/HT213938 - Release Notes, Vendor Advisory~~	() https://support.apple.com/en-us/HT213938 - Release Notes, Vendor Advisory

17 Jan 2024, 21:17

Type	Values Removed	Values Added
CPE		cpe:2.3:o:apple:iphone_os:::::::: cpe:2.3:o:apple:ipados::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8
CWE		CWE-416
First Time		Apple iphone Os Apple Apple ipados
References	~~() https://support.apple.com/en-us/HT213938 -~~	() https://support.apple.com/en-us/HT213938 - Release Notes, Vendor Advisory

10 Jan 2024, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-01-10 22:15

Updated : 2026-03-12 13:25

NVD link : CVE-2023-41974

Mitre link : CVE-2023-41974

CVE.ORG link : CVE-2023-41974

JSON object : View

Products Affected

apple

iphone_os
ipados

CWE

CWE-416

Use After Free

7.8 /10