CISA Issues Urgent Alert on Actively Exploited macOS and iOS Vulnerabilities
The Cybersecurity and Infrastructure Security Agency (CISA) has warned that multiple security vulnerabilities in Apple’s macOS and iOS platforms are under active exploitation. On March 5, 2026, CISA added three critical flaws to its Known Exploited Vulnerabilities (KEV) catalog, signaling an immediate need for organizations to address them.
Detailed Overview of the Vulnerabilities
The identified vulnerabilities are memory-management and integer-arithmetic errors, each presenting its own risks:
1. CVE-2023-43000: This Use-After-Free vulnerability (CWE-416) affects macOS, iOS, iPadOS, and Safari 16.6. It arises when a program continues to use a pointer to memory after that memory has been freed, potentially leading to memory corruption. Attackers can exploit this flaw by enticing users to process maliciously crafted web content, resulting in unauthorized code execution.
2. CVE-2023-41974: Also classified as a Use-After-Free vulnerability, this flaw specifically impacts iOS and iPadOS. It allows a malicious application to execute arbitrary code with kernel privileges, granting deep system access. Exploitation can occur through the processing of malicious web content, leading to significant security breaches.
3. CVE-2021-30952: This Integer Overflow vulnerability (CWE-190) affects tvOS, macOS, Safari, iPadOS, and watchOS. It occurs when an arithmetic operation produces a value outside the range its integer type can store, causing unexpected software behavior. Attackers can exploit this by tricking users into processing malicious web content, potentially leading to arbitrary code execution.
Implications and Required Actions
While CISA has not confirmed any direct links between these vulnerabilities and active ransomware campaigns, the potential for arbitrary code execution and kernel-level system access makes immediate remediation critical.
In accordance with Binding Operational Directive (BOD) 22-01, Federal Civilian Executive Branch (FCEB) agencies are mandated to secure their networks against these vulnerabilities by March 26, 2026. Although this directive specifically targets federal agencies, CISA strongly advises all private enterprises to prioritize these updates to prevent potential network compromises.
Recommended Mitigation Steps
To effectively address these vulnerabilities, organizations and individual users should:
– Apply Security Updates: Implement all available security patches as per Apple’s official instructions to rectify the identified flaws.
– Adhere to BOD 22-01 Guidance: For cloud-based enterprise environments, follow the applicable guidelines outlined in BOD 22-01 to ensure comprehensive protection.
– Discontinue Use of Vulnerable Products: If official mitigations cannot be deployed promptly, cease the use of affected products to eliminate exposure to potential exploits.
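The following added example, which is not code from CISA or from the article's author, reads entries in the layout of CISA's KEV JSON feed and reports each Apple entry as remediated, open or overdue against its due date. The sample catalog, the placeholder CVE-0000-00000 entry, the function name kev_deadlines and the remediated set are assumptions constructed for illustration.

```python
import json
from datetime import date

# Constructed sample in the layout of CISA's KEV JSON feed. Only the Apple CVE
# IDs and the two dates come from the article; the last entry is a placeholder.
SAMPLE_KEV = json.loads("""
{"vulnerabilities": [
 {"cveID": "CVE-2023-43000", "vendorProject": "Apple",
  "dateAdded": "2026-03-05", "dueDate": "2026-03-26"},
 {"cveID": "CVE-2023-41974", "vendorProject": "Apple",
  "dateAdded": "2026-03-05", "dueDate": "2026-03-26"},
 {"cveID": "CVE-2021-30952", "vendorProject": "Apple",
  "dateAdded": "2026-03-05", "dueDate": "2026-03-26"},
 {"cveID": "CVE-0000-00000", "vendorProject": "ExampleVendor",
  "dateAdded": "2026-03-05", "dueDate": "2026-03-26"}
]}
""")

def kev_deadlines(catalog, vendor, remediated, today):
    """One row per KEV entry for `vendor`: undated entries first, then by deadline."""
    rows = []
    for v in catalog.get("vulnerabilities", []):
        if v.get("vendorProject", "").lower() != vendor.lower():
            continue
        cve = v.get("cveID", "UNKNOWN")
        try:
            days = (date.fromisoformat(v["dueDate"]) - today).days
        except (KeyError, TypeError, ValueError):
            # Missing or malformed deadline: report it rather than drop it.
            rows.append({"cve": cve, "status": "NO_DUE_DATE", "days": None})
            continue
        if cve in remediated:
            status = "REMEDIATED"
        else:
            status = "OVERDUE" if days < 0 else "OPEN"
        rows.append({"cve": cve, "status": status, "days": days})
    # Undated entries first, then soonest deadline, then CVE ID for stability.
    rows.sort(key=lambda r: (r["days"] is not None, r["days"] or 0, r["cve"]))
    return rows

if __name__ == "__main__":
    # The remediated set is a constructed stand-in for an asset system's patch status.
    for row in kev_deadlines(SAMPLE_KEV, "Apple", {"CVE-2021-30952"}, date.today()):
        print(row)
```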
Broader Context of Apple Vulnerabilities
This alert is part of a series of recent disclosures highlighting security challenges within Apple’s ecosystem:
– WhatsApp Zero-Day Exploitation: In August 2025, a sophisticated attack campaign exploited a zero-day vulnerability in WhatsApp on Apple devices, compromising user data. The attack combined this flaw with another in Apple’s operating systems to gain unauthorized access.
– macOS Sandbox Bypass: In May 2025, a proof-of-concept exploit was released for a macOS vulnerability (CVE-2025-31258) that allowed malicious applications to escape the sandbox protection mechanism, potentially accessing sensitive system resources and user data.
– WebKit Zero-Day Vulnerability: In December 2025, CISA warned of a critical zero-day vulnerability in Apple’s WebKit, actively exploited in attacks. This use-after-free flaw affected multiple Apple products, including iOS, iPadOS, and macOS.
– iOS Zero-Click Vulnerability: In June 2025, CISA added a critical iOS zero-click vulnerability to its KEV catalog, noting active exploitation by sophisticated spyware targeting journalists. The flaw allowed attackers to compromise devices without user interaction through maliciously crafted media shared via iCloud Links.
Conclusion
The inclusion of these vulnerabilities in CISA’s KEV catalog underscores the persistent and evolving threats targeting Apple’s operating systems. Organizations and individual users must remain vigilant, promptly applying security updates and adhering to recommended guidelines to safeguard against potential exploits. Staying informed through official channels and implementing proactive security measures are essential to maintaining the integrity and security of digital environments.