US CISA adds three iOS vulnerabilities to known-exploited catalog
Change
US CISA added CVE-2021-30952, CVE-2023-41974, and CVE-2023-43000 to its catalog of known exploited vulnerabilities and directed federal agencies to apply vendor mitigations or discontinue use of affected products.
Why it matters
The added entries cover exploits that are part of a broader 23-exploit kit capable of targeting iPhones running iOS 13.0 through 17.2.1, expanding the universe of at-risk devices. That breadth increases forensic, inventory, and remediation workloads for organizations responsible for long-lived or legacy iOS devices.
Implications
- Federal agency IT teams must identify devices running iOS 13.0 through 17.2.1 and apply vendor mitigations or remove those devices from agency networks.
- Mobile device management administrators supporting federal networks must push available updates, enable protective configurations, or enforce device removal where mitigations are unavailable.
Source
Ars Technica