PT-2024-13027 · Apple · Apple macOS +3

Félix Poulin-Bélanger · Published 2024-01-01 · Updated 2026-03-13 · CVE-2023-41974

CVSS v3.1: 7.8
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Apple iOS versions prior to 17
Apple iPadOS versions prior to 17
Apple macOS versions prior to 14

Description

This issue involves a use-after-free condition addressed through improved memory management. A malicious application may be able to execute arbitrary code with kernel privileges. Proof-of-concept (PoC) code has been released, and a researcher was awarded a $70,000 bounty for revealing the flaw. The vulnerability, also known as 'Landa', affects the XNU kernel. Exploitation does not necessarily lead to kernel corruption requiring cleanup to prevent a kernel panic. The issue is considered a Latest Known Exploited Vulnerability (KEV).

Recommendations

Update Apple iOS to version 17 or later.
Update Apple iPadOS to version 17 or later.
Update Apple macOS to version 14 or later.

Exploit

Fix

Use After Free

Weakness Enumeration

Related Identifiers

CVE-2023-41974

Affected Products

XNU Kernel
iOS
iPadOS
Apple macOS