CISA Urges Immediate Patching for Critical Apple Vulnerabilities Exploited in Active Attacks

March 9, 2026
  • A critical alert from CISA warns that several Apple vulnerabilities are actively exploited and have been added to the Known Exploited Vulnerabilities (KEV) catalog, requiring urgent patching across macOS, iOS, iPadOS, tvOS, watchOS, and Safari.

  • Patches and mitigations are mandated for all affected platforms under government directives, with a remediation deadline of March 26, 2026, for both public-sector and private defenders.

  • Three actively exploited Apple flaws were added to the KEV catalog on March 5, 2026, underscoring the urgent need for remediation by the March 26 deadline.

  • The KEV confirmation highlights ongoing exploitation in the wild, though it remains unclear whether the activity is linked to ransomware, espionage, or other campaigns.

  • Each vulnerability can be triggered by processing maliciously crafted web content, potentially causing memory corruption, arbitrary code execution, or kernel-level access.

  • Defenders are advised to apply all available Apple updates per vendor instructions, follow Binding Operational Directive 22-01 for cloud environments, and decommission vulnerable products if mitigations cannot be deployed.

  • CISA emphasizes that threat actors are actively exploiting these flaws in real-world attacks, making them critical priorities for IT teams and defenders.

  • While it’s unknown if these flaws are linked to active ransomware, the risk of arbitrary code execution and kernel access is severe and demands remediation.

  • Federal guidance under BOD 22-01 requires FCEB agencies to secure networks by March 26, 2026, with private sector entities urged to prioritize updates immediately.

  • Federal civilian agencies must patch these flaws by the deadline, and private organizations and individuals are urged to apply updates promptly.

  • Notable CVEs include CVE-2023-43000 (use-after-free in macOS, iOS, iPadOS, and Safari 16.6), CVE-2021-30952 (integer overflow across Apple platforms), and CVE-2023-41974 (use-after-free on iOS/iPadOS affecting kernel privileges when triggered by a malicious app or content).

  • Affected products span iOS, iPadOS, macOS, tvOS, watchOS, and Safari, impacting devices across the Apple ecosystem.

Summary based on 3 sources


Sources

CISA Alerts Users to Actively Exploited Vulnerabilities Impacting macOS and iOS

GBHackers Security | #1 Globally Trusted Cyber Security News Platform • Mar 9, 2026