CISA Warns of macOS and iOS Vulnerabilities Exploited in Attacks
\n \t
\n
<\/BR>
\n
\n \t
\n
<\/BR><\/p>\n
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert regarding multiple Apple vulnerabilities currently facing active exploitation.<\/p>\n
On March 5, 2026, CISA added three security flaws affecting macOS, iOS, iPadOS, and other Apple products<\/a> to its Known Exploited Vulnerabilities (KEV) catalog.<\/p>\n This addition warns network defenders that threat actors are actively leveraging these flaws in the wild, making immediate patching a top priority for organizations managing cyber risks.<\/p>\n The newly added vulnerabilities involve memory management and arithmetic logic issues. Two of the flaws, CVE-2023-43000 and CVE-2023-41974, are Use-After-Free vulnerabilities (CWE-416)<\/a>.<\/p>\n These occur when a program continues to use a memory pointer after reallocation, allowing attackers to inject malicious code.<\/p>\n The third flaw, CVE-2021-30952, is an Integer Overflow vulnerability (CWE-190)<\/a>. This triggers unexpected software behavior when an operation creates a numeric value too large for its allocated storage space.<\/p>\n Attackers can trigger these flaws by tricking users into processing maliciously crafted web content<\/a>. Each vulnerability carries distinct risks:<\/p>\n CISA currently reports that it is unknown if these specific vulnerabilities are tied to active ransomware campaigns<\/a>.<\/p>\n However, the severe risk of arbitrary code execution and kernel-level system access <\/a>demands immediate remediation.<\/p>\n Under Binding Operational Directive (BOD) 22-01, Federal Civilian Executive Branch (FCEB) agencies must secure their networks against these threats by March 26, 2026.<\/p>\n While this federal mandate applies strictly to government agencies, CISA strongly urges all private enterprises<\/a> to prioritize these updates immediately to prevent network compromise.<\/p>\n Network defenders should take the following steps by the deadline: Apply all available security updates per Apple\u2019s official vendor <\/a>instructions.<\/p>\n Follow applicable BOD 22-01 guidance for cloud-based enterprise environments. Discontinue the use of vulnerable products immediately if official mitigations cannot be deployed.<\/p>\n Follow us on Google News<\/a>, LinkedIn<\/a>, and X<\/a> for daily cybersecurity updates. Contact us<\/a> to feature your stories.<\/strong><\/p>\n The post CISA Warns of macOS and iOS Vulnerabilities Exploited in Attacks<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\nExploited Apple Vulnerabilities<\/strong><\/h2>\n
\n