AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

🔥 This vulnerability is being actively exploited in the wild (CISA Known Exploited Vulnerabilities catalog)

CVE-2023-43000: Apple Multiple products Use-After-Free Vulnerability

infovulnerability🔥 Actively Exploited

security

Source: CISA Known Exploited VulnerabilitiesMarch 4, 2026CVE-2023-43000

Summary

Apple's macOS, iOS, iPadOS, and Safari 16.6 contain a use-after-free vulnerability (a bug where software tries to access memory that has already been freed, causing crashes or allowing attackers to run malicious code) triggered by specially crafted web content that can corrupt memory. This vulnerability is currently being actively exploited by attackers in real-world attacks.

Solution / Mitigation

Apply mitigations per Apple's vendor instructions (see support.apple.com/en-us/120324, support.apple.com/en-us/120331, and support.apple.com/en-us/120338), follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Vulnerability Details

EPSS (30-day exploit probability)

EPSS: 0.1%

Exploit Maturity

🔥 Actively Exploited

Classification

Attack SophisticationModerate

Taxonomy References

CWE (Weakness Type)

CWE-416

CAPEC (Attack Pattern)

CAPEC-233

Original source: https://nvd.nist.gov/vuln/detail/CVE-2023-43000

First tracked: March 5, 2026 at 03:00 PM

Classified by LLM (prompt v3) · confidence: 95%