Threat Intelligence / CVE / CVE-2023-41974

CVE-2023-41974

CISA KEV

CVSS 7.8 (HIGH) · EPSS 0.2% · Published 2024-01-10

A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, iOS 15.8.7 and iPadOS 15.8.7. An app may be able to execute arbitrary code with kernel privileges.

CVSS v3 vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-416

Threats tracking this CVE

Coruna iOS Exploit Kit — 23 Exploits Across 5 Chains Targeting iOS 13-17.2.1 (CVE-2021-30952, CVE-2023-41974, CVE-2023-43000 + 20 More) — CRITICAL

References

https://support.apple.com/en-us/120949
https://support.apple.com/en-us/126632
https://support.apple.com/en-us/HT213938
https://support.apple.com/kb/HT213938
https://cloud.google.com/blog/topics/threat-intelligence/coruna-powerful-ios-exploit-kit
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41974

Full detection coverage & IOCs for threats exploiting CVE-2023-41974 are available via the Threadlinqs MCP server (Purple tier). View plans →

Markdown version · Threadlinqs Intelligence