🟢 CVE-2023-41974

CVE-2023-41974 is a use-after-free vulnerability in iOS and iPadOS that allows malicious apps to execute arbitrary code with kernel privileges. While listed in CISA KEV and actively exploited, this affects mobile client devices, not internet-facing servers.

Risk Level: LOW_RISK

CVSS Score: 7.8

Attack Vector: LOCAL

ATT&CK Tactic: Privilege Escalation

ATT&CK Technique: T1068 - Exploitation for Privilege Escalation

Deployment Risk: VERY_LOW

Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: USER_INTERACTION

CVE Published: 2024-01-10

Added to CISA KEV: 2026-03-05 (785 days between CVE and KEV)

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2023-41974 is a security vulnerability affecting Apple's iOS and iPadOS operating systems, specifically involving a use-after-free issue within the kernel [2] [1].

Exploitation and Threat Actor Usage
  • Active Exploitation: This vulnerability has been identified as being actively exploited in the wild, leading to its inclusion in the Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) catalog [2].
  • Threat Actor Usage: While specific threat actor attribution is often sensitive, the vulnerability has been associated with sophisticated exploit chains, including research into powerful iOS exploit kits [3].
Attack Method and Requirements
  • Exploitation Requirements: Successful exploitation typically requires local access to the device, often through a malicious application installed by the user [4].
  • Attack Method: As a use-after-free vulnerability, it involves improper memory management within the kernel (XNU). An attacker can leverage this to manipulate memory in a way that allows for unauthorized code execution or privilege escalation [1].
Impact
  • Access and Impact: If successfully exploited, the vulnerability allows a malicious application to gain kernel-level privileges. This effectively enables the attacker to bypass standard iOS sandbox protections, granting them broad control over the device [1].
Proof-of-Concept and Availability
  • While the vulnerability is known to be exploited in the wild, public proof-of-concept (PoC) code is generally treated with caution. Some security research write-ups have discussed the vulnerability in the context of kernel exploitation (sometimes referencing terms like "landa" or "kfd"), but these are typically intended for defensive research rather than operational use [1].
Affected Versions and Mitigation
  • Affected Products: The vulnerability affects various versions of iOS and iPadOS.
  • Patch Status: Apple addressed this issue with improved memory management in updates including iOS 17, iPadOS 17, and specific versions of iOS/iPadOS 15 (e.g., 15.8.7) [2]. Users are strongly advised to ensure their devices are running the latest available security updates to mitigate this risk.

Sources

  1. CVE-2023-41974: Apple iOS/iPadOS Kernel Use-After-Free

    Impact of Successful Exploitation of CVE-2023-41974 If exploited, CVE-2023-41974 may let a malicious app gain kernel-level privileges, which can effectively defeat normal iOS sandbox boundaries. ... Some community research references associate CVE-2023-41974 with XNU (the Apple kernel) and discuss i…

  2. CVE-2023-41974 Detail - NVD

    A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, iOS 15.8.7 and iPadOS 15.8.7. An app may be ... This CVE is currently being enriched by team members, this process results in the association of reference link tags, CVSS, CWE, and CPE…

  3. CVE-2023-41974 - Vulnerability Details - OpenCVE

    Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected). https://cloud.google.com/blog/topics/threat-intelligence/coruna-powerful-ios-exploit-kit https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41974 ...

  4. CVE-2023-41974 - Exploits & Severity - Feedly

    CVE-2023-41974, known as Parallax, affects iOS versions 16.4 through 16.7. The criticality, exploitation status, CVSS score, proof-of-concept exploits, mitigations, detections, patches, and downstream impacts are not specified in the provided information. ... This vulnerability is uniquely identifie…