Severity
High
Analysis Summary
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert regarding multiple actively exploited vulnerabilities in Apple products, including macOS, iOS, iPadOS, tvOS, and Safari. On March 5, 2026, CISA added three flaws to its Known Exploited Vulnerabilities (KEV) catalog, signaling that threat actors are actively targeting these weaknesses. Organizations are urged to prioritize patching immediately to mitigate potential cyber risks.
The exploited vulnerabilities involve serious memory management and arithmetic logic issues. Two of the flaws, CVE-2023-43000 and CVE-2023-41974, are Use-After-Free (CWE-416) vulnerabilities, in which a program keeps using a pointer to memory that has already been freed; an attacker who influences what is reallocated into that memory can execute malicious code. The third flaw, CVE-2021-30952, is an Integer Overflow vulnerability (CWE-190), which can trigger unexpected software behavior or arbitrary code execution when a computed numeric value exceeds the range of the type that stores it.
Each vulnerability presents distinct risks depending on the affected system. CVE-2023-43000 impacts macOS, iOS, iPadOS, and Safari 16.6, potentially causing memory corruption. CVE-2021-30952 affects tvOS, macOS, Safari, iPadOS, and watchOS, allowing arbitrary code execution. CVE-2023-41974 specifically impacts iOS and iPadOS, enabling malicious apps to gain kernel-level privileges for deep system access. While there is no confirmation linking these vulnerabilities to active ransomware campaigns, their potential for arbitrary code execution and system compromise makes immediate mitigation essential.
Under CISA’s Binding Operational Directive (BOD) 22-01, Federal Civilian Executive Branch (FCEB) agencies must secure their networks against these threats by March 26, 2026. Organizations should apply all official Apple security updates, follow BOD 22-01 guidance for cloud environments, and discontinue the use of vulnerable products if mitigations cannot be applied. CISA also strongly recommends that private enterprises implement these protections promptly to prevent compromise from active exploits.
Impact
- Code Execution
- Gain Access
Indicators of Compromise
CVE
CVE-2023-43000
CVE-2021-30952
CVE-2023-41974
Remediation
- Apply all official Apple patches for macOS, iOS, iPadOS, tvOS, watchOS, and Safari immediately.
- For federal agencies, comply with Binding Operational Directive 22-01 to secure networks by March 26, 2026; private organizations should adopt the same measures.
- Temporarily stop using affected systems or applications if official updates or mitigations cannot be applied immediately.
- Scan all Apple devices in your network for CVE-2023-43000, CVE-2021-30952, and CVE-2023-41974 to verify patch deployment.
- Monitor network and device behavior for unusual activity that may indicate exploitation attempts, and enable logging and alerts on endpoints and network devices.
- Enforce strict application installation policies, limit administrative privileges, and educate users to avoid interacting with untrusted web content.
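To track the remediation deadline above, the following added example (not part of the original advisory or any CISA tooling) triages the three CVEs against a KEV-format feed and reports how many days remain before each due date. It assumes the field names of CISA's KEV JSON feed (`cveID`, `dueDate`, `knownRansomwareCampaignUse`); the feed content is a constructed sample and `triage` is a hypothetical helper name.

```python
import json
from datetime import date

# CVE IDs listed in this advisory.
TRACKED = {"CVE-2023-43000", "CVE-2021-30952", "CVE-2023-41974"}

def _entry(cve, vendor="Apple"):
    # Constructed KEV-style record; the dates are the ones stated in the advisory.
    return {"cveID": cve, "vendorProject": vendor, "dateAdded": "2026-03-05",
            "dueDate": "2026-03-26", "knownRansomwareCampaignUse": "Unknown"}

# Constructed sample feed (not downloaded). CVE-0000-00000 is a placeholder
# for an unrelated catalog entry that the triage must ignore.
SAMPLE_FEED = json.dumps({"vulnerabilities": [
    _entry("CVE-2023-43000"), _entry("CVE-2021-30952"),
    _entry("CVE-2023-41974"), _entry("CVE-0000-00000", "ExampleVendor"),
]})

def triage(feed_text, tracked, today):
    """Return one row per tracked CVE with its KEV status and days to the due date."""
    catalog = {v["cveID"]: v for v in json.loads(feed_text).get("vulnerabilities", [])}
    rows = []
    for cve in sorted(tracked):
        entry = catalog.get(cve)
        if entry is None:
            # Not listed in the feed: there is no KEV due date to track.
            rows.append({"cve": cve, "status": "not-in-kev", "days_left": None})
            continue
        days_left = (date.fromisoformat(entry["dueDate"]) - today).days
        rows.append({
            "cve": cve,
            "status": "overdue" if days_left < 0 else "due",
            "days_left": days_left,
            "due": entry["dueDate"],
            "ransomware": entry.get("knownRansomwareCampaignUse", "Unknown"),
        })
    return rows

if __name__ == "__main__":
    for row in triage(SAMPLE_FEED, TRACKED, date.today()):
        print(row)
```

In practice, replace `SAMPLE_FEED` with the contents of the catalog file your organization already mirrors; the function takes the feed as text, so it runs without network access.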

