CISA Alerts Users to Actively Exploited Vulnerabilities Impacting macOS and iOS


The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding three actively exploited vulnerabilities affecting multiple Apple platforms.

On March 5, 2026, CISA added these security flaws to its Known Exploited Vulnerabilities (KEV) catalog, requiring immediate attention from network defenders and system administrators.

These vulnerabilities impact a wide range of Apple devices running iOS, iPadOS, macOS, tvOS, and watchOS, as well as the Safari web browser.

Federal agencies and private organizations have been given a strict deadline of March 26, 2026, to apply the necessary mitigations to protect their networks from active cyber threats.

Details of the Exploited Flaws

The first vulnerability, identified as CVE-2023-43000, is a Use-After-Free (UAF) issue affecting macOS, iOS, iPadOS, and Safari 16.6.

This flaw occurs when a program continues to use a pointer to memory that has already been freed. Threat actors can exploit this weakness by tricking users into visiting maliciously crafted web pages.

Once processed, the malicious web content can trigger memory corruption, potentially allowing attackers to disrupt device functionality or pave the way for further network compromise.
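To illustrate the ownership problem behind a use-after-free, here is an added C example (not code from the article, from Apple, or from any of the affected products). It assumes a hypothetical `node_t` object shared between a container and a second holder, such as an event handler; the bug class arises when the container frees the object while the handler still points at it. Reference counting, as shown here, lets the object live until its last owner releases it, so there is no dangling pointer to use.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical shared object; the live-object counter lets a test confirm
   that nothing is freed while another owner still holds a reference. */
static int live_objects = 0;

typedef struct {
    int refcount;
    char data[32];
} node_t;

/* Create an object with exactly one owner. */
node_t *node_new(const char *text) {
    node_t *n = calloc(1, sizeof *n);
    if (!n) return NULL;
    n->refcount = 1;
    strncpy(n->data, text, sizeof n->data - 1);
    live_objects++;
    return n;
}

/* Register an additional owner; every retain must be paired with a release. */
node_t *node_retain(node_t *n) {
    if (n) n->refcount++;
    return n;
}

/* Drop one owner; memory is freed only when the last owner lets go. */
void node_release(node_t *n) {
    if (!n) return;
    if (--n->refcount == 0) {
        live_objects--;
        free(n);
    }
}

int node_live_count(void) { return live_objects; }

/* Constructed scenario: a container creates the object, a handler takes a
   second reference, then the container drops its reference first. Without
   the refcount the handler's later read would be a use-after-free. */
int demo_shared_ownership(void) {
    node_t *n = node_new("hello");
    node_t *handler_ref = node_retain(n);  /* second owner */
    node_release(n);                       /* container lets go: object stays alive */
    int len = (int)strlen(handler_ref->data); /* still valid to read */
    node_release(handler_ref);             /* last owner: now it is freed */
    return len;
}
```

The same discipline (clear ownership, release only through the counting API) is what real engines rely on; the counter here exists only so the example can be checked.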

The second issue, tracked as CVE-2021-30952, is a serious integer overflow/wraparound vulnerability.

It impacts an even broader range of Apple systems, including tvOS, macOS, Safari, iPadOS, and watchOS.

Similar to the previous flaw, this vulnerability is triggered when a targeted device processes maliciously crafted web content.

However, the potential impact is more severe, as it could allow an attacker to achieve arbitrary code execution. This means a threat actor could run malicious commands on the victim’s device without their knowledge.
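As an added example of the integer overflow/wraparound class described above (this is illustrative C written for this page, not code from the article or from Apple), the snippet below computes an allocation size from attacker-influenced dimensions, a pattern common in web-content parsers. The unchecked multiplication wraps modulo 2^32 and yields a buffer far smaller than later writes expect; the checked version uses the compiler built-in `__builtin_mul_overflow` (GCC and Clang) to reject such inputs. The `alloc_pixels` function and its parameters are assumptions for the illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <stdbool.h>

/* Unchecked: count * elem_size silently wraps for large count.
   A 4-byte element times 0x40000001 elements "fits" in 4 bytes. */
uint32_t unchecked_size(uint32_t count, uint32_t elem_size) {
    return count * elem_size;   /* wraps modulo 2^32 */
}

/* Checked: report failure instead of producing a wrapped size. */
bool checked_size(uint32_t count, uint32_t elem_size, uint32_t *out) {
    uint32_t bytes;
    if (__builtin_mul_overflow(count, elem_size, &bytes))
        return false;            /* product does not fit in 32 bits */
    *out = bytes;
    return true;
}

/* Hypothetical pixel-buffer allocation from width, height and bytes per pixel,
   all taken from untrusted content. Every intermediate product is checked. */
void *alloc_pixels(uint32_t width, uint32_t height, uint32_t bpp, uint32_t *out_bytes) {
    uint32_t row, total;
    if (!checked_size(width, bpp, &row)) return NULL;
    if (!checked_size(row, height, &total)) return NULL;
    *out_bytes = total;
    return malloc(total);
}
```

Rejecting the input at the size computation keeps the bug from ever becoming a heap overflow, which is the step that turns "crafted web content" into arbitrary code execution in this class of flaw.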

The third vulnerability, CVE-2023-41974, is another Use-After-Free bug that specifically targets iOS and iPadOS.

Unlike the web-based triggers of the other two flaws, this vulnerability can be exploited by a malicious application installed directly on the device.

If successfully exploited, the rogue app could execute arbitrary code with high-level kernel privileges, giving the attacker deep access to the underlying operating system and sensitive user data.

Required Actions and Mitigation

CISA’s addition of these flaws to the KEV catalog serves as proof that threat actors are actively exploiting them in the wild.

While it currently remains unknown if these specific vulnerabilities are tied to major ransomware campaigns, their active exploitation makes them a critical priority for IT teams.

Under Binding Operational Directive (BOD) 22-01, federal civilian executive branch agencies are legally required to patch these vulnerabilities by the March 26 deadline.

CISA strongly urges all private organizations, enterprise defenders, and individual users to update their Apple devices immediately.

Network administrators should review Apple’s official vendor instructions, deploy the latest software updates, and continuously monitor their endpoints to prevent unauthorized access.
