Threat Intelligence / CVE / CVE-2023-43000

CVE-2023-43000

CISA KEV

CVSS 8.8 (HIGH) · EPSS 0.1% · Published 2025-11-05

A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, Safari 16.6, iOS 15.8.7 and iPadOS 15.8.7. Processing maliciously crafted web content may lead to memory corruption.

CVSS v3 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-416

Threats tracking this CVE

Coruna iOS Exploit Kit — Government-Grade 23-Exploit Arsenal Proliferates from Surveillance Vendor to Russian Espionage and Chinese Cybercriminals Targeting 42K+ Devices — CRITICAL

References

https://support.apple.com/en-us/120324
https://support.apple.com/en-us/120331
https://support.apple.com/en-us/120338
https://support.apple.com/en-us/126632
https://cloud.google.com/blog/topics/threat-intelligence/coruna-powerful-ios-exploit-kit
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-43000

Full detection coverage & IOCs for threats exploiting CVE-2023-43000 are available via the Threadlinqs MCP server (Purple tier). View plans →

Markdown version · Threadlinqs Intelligence