Apple iOS and iPadOS Use-After-Free Vulnerability
Release Date: 05th of March 2026
Impact: HIGH / CRITICAL
TLP Rating: Clear 
CERT Vanuatu (CERTVU) and the Department of Communication and Digital Transformation (DCDT) provide the following advisory.
This alert is relevant to Organizations and System/Network administrators that utilize the above products. This alert is intended to be understood by technical users and systems administrators.
What is it?
CVE-2023-41974 is a high-severity memory corruption vulnerability (CVSS 7.8) affecting Apple mobile operating systems. The flaw is classified as a Use-After-Free (CWE-416) vulnerability in the system’s kernel memory management.
A use-after-free vulnerability occurs when a program continues to use a memory pointer after the memory has already been freed. This can lead to memory corruption, allowing attackers to manipulate system memory and potentially execute malicious code.
What are the Systems affected?
The vulnerability affects Apple mobile operating systems prior to the patched release.
Affected platforms include:
- Apple iOS versions earlier than iOS 17
- Apple iPadOS versions earlier than iPadOS 17
- Apple iPhone and iPad devices running vulnerable OS versions
What does this mean?
The vulnerability requires local execution, meaning an attacker must get a malicious application onto the target device.
Typical attack vectors:
- Delivery of a malicious application
  - Attackers distribute a malicious or trojanized application through phishing, third-party app stores, or compromised software downloads.
- Triggering the memory flaw
  - The application interacts with vulnerable kernel components that improperly manage memory.
- Use-after-free condition
  - The system releases memory but continues referencing it.
- Memory manipulation
  - The attacker injects controlled data into the freed memory space.
- Kernel-level code execution
  - The malicious code executes with kernel privileges, bypassing normal application sandbox protections.
Mitigation process
CERTVU recommends the following:
- Apply Security Updates Immediately.
  Apple addressed the vulnerability by improving memory management in newer operating systems. Recommended update:
  - Upgrade to iOS 17 or later
  - Upgrade to iPadOS 17 or later
- Restrict Untrusted Applications
  - Install applications only from the official Apple App Store.
  - Avoid sideloaded or unofficial applications that may contain malicious code.
- Implement Mobile Device Security Controls
  Organizations should:
  - Use Mobile Device Management (MDM) solutions.
  - Enforce minimum OS version requirements.
  - Monitor devices for suspicious application behavior.
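One way to check the minimum OS version requirement above, as an added example (not CERTVU's or Apple's code): a Python audit of an MDM inventory export that flags devices below iOS 17 / iPadOS 17. The CSV column names, device ids and sample rows are constructed assumptions; adapt them to the export your MDM produces.

```python
import csv
import io

# Minimum fixed major version per platform, from the advisory (iOS 17 / iPadOS 17).
MIN_MAJOR = {"ios": 17, "ipados": 17}

# Constructed sample of an MDM inventory export; column names are assumptions.
SAMPLE_INVENTORY = """device_id,platform,os_version
D-001,iOS,16.7.2
D-002,iPadOS,17.0
D-003,iOS,17.4.1
D-004,iPadOS,15.8
D-005,iOS,
D-006,macOS,14.2
D-007,iOS,beta-17
"""


def major_version(text):
    """Return the leading major version as an int, or None if it cannot be parsed."""
    head = text.strip().split(".", 1)[0]
    return int(head) if head.isdecimal() else None


def classify(platform, os_version):
    """Classify one device as 'ok', 'vulnerable', 'unknown' or 'out_of_scope'."""
    minimum = MIN_MAJOR.get(platform.strip().lower())
    if minimum is None:
        return "out_of_scope"   # the advisory only covers iOS and iPadOS
    major = major_version(os_version)
    if major is None:
        return "unknown"        # missing or unparseable version: needs follow-up
    return "ok" if major >= minimum else "vulnerable"


def audit(inventory_csv):
    """Map each status to the list of device ids that fall under it."""
    report = {"ok": [], "vulnerable": [], "unknown": [], "out_of_scope": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        status = classify(row["platform"], row["os_version"] or "")
        report[status].append(row["device_id"])
    return report


if __name__ == "__main__":
    for status, devices in audit(SAMPLE_INVENTORY).items():
        print(f"{status:13} {', '.join(devices) or '-'}")
```

Devices reported as `unknown` should be treated as non-compliant until their version is confirmed, since a missing version field often means the device has stopped checking in.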