The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert regarding multiple Apple vulnerabilities currently facing active exploitation.
On March 5, 2026, CISA added three security flaws affecting macOS, iOS, iPadOS, and other Apple products to its Known Exploited Vulnerabilities (KEV) catalog.
This addition warns network defenders that threat actors are actively leveraging these flaws in the wild, making immediate patching a top priority for organizations managing cyber risks.
Exploited Apple Vulnerabilities
The newly added vulnerabilities involve memory management and arithmetic logic issues. Two of the flaws, CVE-2023-43000 and CVE-2023-41974, are Use-After-Free vulnerabilities (CWE-416).
These occur when a program continues to use a pointer to memory after that memory has been freed and possibly reallocated, which can allow attackers to corrupt memory or run malicious code.
The third flaw, CVE-2021-30952, is an Integer Overflow vulnerability (CWE-190). This triggers unexpected software behavior when an operation creates a numeric value too large for its allocated storage space.
Attackers can trigger these flaws by tricking users into processing maliciously crafted web content. Each vulnerability carries distinct risks:
- CVE-2023-43000 affects macOS, iOS, iPadOS, and Safari 16.6, potentially causing memory corruption.
- CVE-2021-30952 impacts tvOS, macOS, Safari, iPadOS, and watchOS, leading to arbitrary code execution.
- CVE-2023-41974 strictly impacts iOS and iPadOS, allowing a malicious app to execute arbitrary code with kernel privileges for deep system access.
CISA currently reports that it is unknown if these specific vulnerabilities are tied to active ransomware campaigns.
However, the severe risk of arbitrary code execution and kernel-level system access demands immediate remediation.
Under Binding Operational Directive (BOD) 22-01, Federal Civilian Executive Branch (FCEB) agencies must secure their networks against these threats by March 26, 2026.
While this federal mandate applies strictly to government agencies, CISA strongly urges all private enterprises to prioritize these updates immediately to prevent network compromise.
Network defenders should take the following steps by the deadline:
- Apply all available security updates per Apple’s official vendor instructions.
- Follow applicable BOD 22-01 guidance for cloud-based enterprise environments.
- Discontinue the use of vulnerable products immediately if official mitigations cannot be deployed.
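To track the deadline above across a fleet, the following added example (not from CISA or Apple) joins open scanner findings against KEV entries and reports days remaining per host. The host names, the findings map and the product strings are constructed; the field names follow CISA's KEV JSON feed.

```python
import json
from datetime import date

# Constructed sample in the KEV JSON field layout. CVE IDs, CWEs and dates are
# the ones given in the article; the product strings are placeholders.
KEV_SAMPLE = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-2023-43000", "vendorProject": "Apple", "product": "placeholder",
   "dateAdded": "2026-03-05", "dueDate": "2026-03-26",
   "knownRansomwareCampaignUse": "Unknown", "cwes": ["CWE-416"]},
  {"cveID": "CVE-2021-30952", "vendorProject": "Apple", "product": "placeholder",
   "dateAdded": "2026-03-05", "dueDate": "2026-03-26",
   "knownRansomwareCampaignUse": "Unknown", "cwes": ["CWE-190"]},
  {"cveID": "CVE-2023-41974", "vendorProject": "Apple", "product": "placeholder",
   "dateAdded": "2026-03-05", "dueDate": "2026-03-26",
   "knownRansomwareCampaignUse": "Unknown", "cwes": ["CWE-416"]}
]}
""")

# Hypothetical scanner output: host -> CVEs still unpatched on that host.
FLEET_FINDINGS = {
    "mac-build-01": ["CVE-2023-43000", "CVE-2021-30952"],
    "ipad-kiosk-07": ["CVE-2023-41974"],
    "appletv-lobby": ["CVE-2021-30952", "CVE-0000-00000"],  # placeholder, not in KEV
}

def triage(kev, findings, today):
    """Return KEV-listed open findings, most urgent first."""
    index = {v["cveID"]: v for v in kev["vulnerabilities"]}
    rows = []
    for host, cves in findings.items():
        for cve in cves:
            entry = index.get(cve)
            if entry is None:
                continue  # not known-exploited: leave to the normal patch cycle
            days_left = (date.fromisoformat(entry["dueDate"]) - today).days
            rows.append({"host": host, "cve": cve, "cwes": entry.get("cwes", []),
                         "days_left": days_left, "overdue": days_left < 0,
                         "ransomware": entry.get("knownRansomwareCampaignUse", "Unknown")})
    return sorted(rows, key=lambda r: (r["days_left"], r["host"], r["cve"]))

if __name__ == "__main__":
    for r in triage(KEV_SAMPLE, FLEET_FINDINGS, date(2026, 3, 20)):
        status = "OVERDUE" if r["overdue"] else f"{r['days_left']}d left"
        print(f"{r['host']:15} {r['cve']:15} {','.join(r['cwes']):8} {status}")
```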





