CVE-2023-41974: Apple Use-After-Free

CVE-2023-41974

HIGHNVD 7.89.0▲Trending — 4 sources updated this weekExploited in the wild

Frequently asked(6)

What is CVE-2023-41974?

CVE-2023-41974 is a high vulnerability published on January 10, 2024. A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, iOS 15.8.7 and iPadOS 15.8.7. An app may be able to execute arbitrary code with kernel privileges.

When was CVE-2023-41974 disclosed?

CVE-2023-41974 was first published in the National Vulnerability Database on January 10, 2024, with the most recent update on March 12, 2026. EchelonGraph re-ingests CVE updates from NVD on a 2-hour cycle, so this page reflects the latest published state.

Is CVE-2023-41974 actively exploited?

Yes. CISA added CVE-2023-41974 to the Known Exploited Vulnerabilities catalog on March 5, 2026, affecting Apple iOS and iPadOS. KEV listing indicates confirmed exploitation in the wild; this CVE warrants immediate patching attention.

What is the CVSS score of CVE-2023-41974?

CVE-2023-41974 has a CVSS v3 base score of 7.8 (NVD). EchelonGraph synthesises NVD + CISA KEV + FIRST EPSS + GHSA into a combined EG score of 9.0.

Which products are affected by CVE-2023-41974?

CVE-2023-41974 affects Apple iOS and iPadOS. The full affected-products list, including version ranges and fixed versions, is shown in the Affected Packages section of this page.

How do I remediate CVE-2023-41974?

Patch to the fixed version published by the affected vendor. Where vendor advisories exist for CVE-2023-41974, EchelonGraph cross-links them in the Vendor Advisories panel below — those typically contain the canonical remediation steps, fixed version numbers, and any vendor-specific mitigations.

CVE-2023-41974

Published

Last Modified

Advisory Details (6)

Known Exploited Vulnerabilities Catalog | CISA

Coruna: The Mysterious Journey of a Powerful iOS Exploit Kit | Google Cloud Blog

About the security content of iOS 17 and iPadOS 17 - Apple Support

About the security content of iOS 17 and iPadOS 17 - Apple Support

About the security content of iOS 15.8.7 and iPadOS 15.8.7 - Apple Support

About the security content of iOS 17 and iPadOS 17 - Apple Support

Weakness Classification(1)

Data Freshness Timeline

Frequently asked(6)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2023-41974?

Same CWE

CVE-2023-41974

📅 Published

🔄 Last Modified

📋 Advisory Details (6)

Known Exploited Vulnerabilities Catalog | CISA

Coruna: The Mysterious Journey of a Powerful iOS Exploit Kit | Google Cloud Blog

About the security content of iOS 17 and iPadOS 17 - Apple Support

About the security content of iOS 17 and iPadOS 17 - Apple Support

About the security content of iOS 15.8.7 and iPadOS 15.8.7 - Apple Support

About the security content of iOS 17 and iPadOS 17 - Apple Support

Weakness Classification(1)

Data Freshness Timeline

❓ Frequently asked(6)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2023-41974?

🔗 Related CVEs(same CWE)

Same CWE

Published

Last Modified

Advisory Details (6)

Frequently asked(6)

Related CVEs(same CWE)