CVE-2023-41974: The Apple iOS Kernel Flaw That Came Back to Bite
ID: 31ffdc91-c11b-5438-8904-8d0168998d84
STIX ID: report--31ffdc91-c11b-5438-8904-8d0168998d84
Feed Name: NoHackie
CVE-2023-41974 is a physical use-after-free in Apple’s XNU kernel. It was patched in iOS/iPadOS 17.0 but weaponized years later via the kfd/Landa proof-of-concept and incorporated into the commercial Coruna exploit kit. Coruna delivered a PlasmaLoader payload that hooks cryptocurrency wallets and exfiltrates seed phrases, and it was observed in targeted and mass watering-hole campaigns. This activity led CISA to add the CVE to its KEV catalog due to confirmed active exploitation.
