US CISA adds three iOS vulnerabilities to known exploited vulnerabilities catalog
Change
US CISA added CVE-2021-30952, CVE-2023-41974 and CVE-2023-43000 to its catalog of known exploited vulnerabilities and directed all federal agencies to apply vendor mitigations, patch affected devices, or discontinue use of vulnerable iPhones running iOS 13 through 17.2.1.
Why it matters
The catalog listing marks these flaws as present in active exploit chains (the Coruna kit) that have been used by multiple distinct threat actors, raising the operational risk of legacy and unmanaged devices. Available mitigations are limited and situational — the exploits do not fire only when Apple Lockdown mode is enabled or a browser is in private mode — narrowing safe device-configuration options for sensitive networks.
Implications
- • Federal cloud service operators supporting government systems must follow CISA’s applicable cloud mitigation guidance for affected services.
- • Mobile device management administrators for federal agency device fleets must identify iPhones running iOS 13 through 17.2.1 and remediate, upgrade, or decommission devices that cannot be patched or mitigated.
Unlock the decision layer.
See what the change means — implications, exposure, timing — and ask AI about any brief instantly.
- Implications: What actually changes downstream.
- Who is affected: Which teams or operators are exposed.
- What to watch: Deadlines, triggers, and next moves.
- Ask AI: Clarify any brief instantly, in context.
14-day free trial. Full access. No credit card required.
Start free trial
Source
Topics
Policy & Regulation Regulatory Actions Compliance Cybersecurity