US CISA adds three iOS vulnerabilities to known-exploited catalog

Ars Technica
Change
US CISA added CVE-2021-30952, CVE-2023-41974, and CVE-2023-43000 to its catalog of known exploited vulnerabilities and directed federal agencies to apply vendor mitigations or discontinue use of affected products.
US CISA adds three iOS vulnerabilities to known-exploited catalog
Why it matters
The added entries cover exploits that are part of a broader 23-exploit kit capable of targeting iPhones running iOS 13.0 through 17.2.1, expanding the universe of at-risk devices. That breadth increases forensic, inventory, and remediation workloads for organizations responsible for long-lived or legacy iOS devices.
Implications
  • Federal agency IT teams must identify devices running iOS 13.0 through 17.2.1 and apply vendor mitigations or remove those devices from agency networks.
  • Mobile device management administrators supporting federal networks must push available updates, enable protective configurations, or enforce device removal where mitigations are unavailable.

Unlock the decision layer.

See what the change means — implications, exposure, timing — and ask AI about any brief instantly.

  • Implications: What actually changes downstream.
  • Who is affected: Which teams or operators are exposed.
  • What to watch: Deadlines, triggers, and next moves.
  • Real-time alerts: Know the moment a change is published.
  • Ask AI: Clarify any brief instantly, in context.

14-day free trial. Full access. No credit card required.

Start free trial
Source

Ars Technica

Topics

Policy & Regulation Regulatory Actions Compliance Cybersecurity Big Tech

Stay updated

Don’t check for changes.
Get them as they happen.

Get real-time alerts for executed changes, a daily briefing of what matters, and a weekly summary to stay on top — without having to check constantly.

Start free trial

14-day free trial. Full access. No credit card required.