CISA has added CVE-2023-43000 to the Known Exploited Vulnerabilities (KEV) catalogue. The entry, named "Apple Multiple Products Use-After-Free Vulnerability", affects multiple Apple products and is described as a memory corruption risk in macOS, iOS, iPadOS and Safari 16.6 when processing malicious web content.
Technical detail: The flaw is a use-after-free memory corruption vulnerability; the attack vector is the processing of maliciously crafted web content. The CVSS base score is 8.8 (HIGH). A patch is available from Apple at https://support.apple.com/en-us/120324, and the NVD entry is https://nvd.nist.gov/vuln/detail/CVE-2023-43000.
Exploitation and risk: Active exploitation has been confirmed, and no ransomware campaign use is known for this entry. The remediation due date is 2026-03-26.
Required action: CISA requires organisations to apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. FCEB agencies are directly affected; all organisations should review their exposure.
For full details, see the linked NVD entry and the CISA KEV catalogue.