CVE-2023-41974
CISA KEV · Published March 5, 2026 · Updated April 3, 2026
What This Means
# CVE-2023-41974: iOS/iPadOS Kernel Use-After-Free

A use-after-free vulnerability in Apple iOS and iPadOS allows a malicious app to execute arbitrary code with kernel-level privileges, bypassing sandbox restrictions and gaining complete system control. This affects all iOS and iPadOS versions prior to the patch release and requires user installation of a malicious app to trigger.

**Action:** Update iOS and iPadOS to the latest available version immediately. Review app installation policies and audit which apps have kernel entitlements on your managed devices. If you support iOS/iPadOS in your environment, prioritize this patch ahead of standard update schedules.

Official Description
Apple iOS and iPadOS contain a use-after-free vulnerability. An app may be able to execute arbitrary code with kernel privileges.
Affected Products
| Vendor | Product |
|---|---|
| Apple | iOS and iPadOS |
Patch Status
Recommended Actions
- Check if your systems use any of the affected products listed above.
- Apply vendor patches immediately if available.
- This vulnerability is in CISA's Known Exploited Vulnerabilities catalog — prioritize remediation.
- Monitor vendor advisories for updates and additional mitigations.
- Review logs for indicators of compromise related to CVE-2023-41974.