ACCORDING to CISA, Apple, Rockwell, and Hikvision flaws were added to the Known Exploited Vulnerabilities catalog, with five CVEs listed: CVE-2023-43000 (CVSS 8.8) Apple Use-After-Free in WebKit; CVE-2017-7921 (CVSS 9.8) Hikvision Improper Authentication; CVE-2021-22681 (CVSS 9.8) Rockwell Insufficient Protected Credentials; CVE-2021-30952 (CVSS 8.8) Apple Integer Overflow or Wraparound; and CVE-2023-41974 (CVSS 7.8) Apple iOS and iPadOS Use-After-Free.
The release notes also explain that CVE-2023-43000 affects WebKit and was addressed in macOS Ventura 13.5, iOS 16.6, iPadOS 16.6, and Safari 16.6. The article notes that Coruna, an iOS exploit kit observed by Google Threat Intelligence Group, targets iPhones running iOS 13.0–17.2.1 and includes five exploit chains and 23 exploits, though it is ineffective against the latest iOS release; CISA’s list adds the Apple, Hikvision and Rockwell flaws in response to such threats.
CISA also states that agencies must address the identified vulnerabilities by 26 March 2026 under Binding Operational Directive 22-01. The piece was published on 6 March 2026.