US CISA adds three iOS vulnerabilities to known-exploited catalog

Ars Technica
Change
US CISA added CVE-2021-30952, CVE-2023-41974, and CVE-2023-43000 to its catalog of known exploited vulnerabilities and directed federal agencies to apply vendor mitigations or discontinue use of affected products.
US CISA adds three iOS vulnerabilities to known-exploited catalog
Why it matters
The added entries cover exploits that are part of a broader 23-exploit kit capable of targeting iPhones running iOS 13.0 through 17.2.1, expanding the universe of at-risk devices. That breadth increases forensic, inventory, and remediation workloads for organizations responsible for long-lived or legacy iOS devices.
Implications
  • Federal agency IT teams must identify devices running iOS 13.0 through 17.2.1 and apply vendor mitigations or remove those devices from agency networks.
  • Mobile device management administrators supporting federal networks must push available updates, enable protective configurations, or enforce device removal where mitigations are unavailable.

Unlock the decision layer.

Go beyond headlines — see impact, exposure, and timing.

  • Implications: What actually changes downstream.
  • Who is affected: Which teams or operators are exposed.
  • What to watch: Deadlines, triggers, and next moves.
  • Real-time alerts: Know the moment a change is published.
  • Ask AI: Clarify any brief instantly, in context.

14-day free trial. Full access. No credit card required.

Start free trial
Source

Ars Technica

Topics

Policy & Regulation Regulatory Actions Compliance Cybersecurity Big Tech

Stay updated

Don’t check for changes.
Get them as they happen.

Get real-time alerts for executed changes, a daily briefing of what matters, and a weekly summary to stay on top — without having to check constantly.

Start free trial

14-day free trial. Full access. No credit card required.