Apple carries the broadest platform exposure this period across two separate items. CVE-2025-43520 (CVSS 7.8, CISA KEV, active exploitation confirmed) is a buffer overflow affecting iOS, iPadOS, macOS, watchOS, tvOS, and visionOS, with a federal remediation deadline of April 3, 2026. Separately, the Coruna campaign — an evolution of the well-documented Operation Triangulation iOS espionage framework — targets iOS 17.2 and earlier on A17 and M3-series chips, with anchor CVEs CVE-2023-32434 and CVE-2023-38606 both confirmed actively exploited and patched; Coruna-specific claims carry low confidence pending independent corroboration. Priority actions: patch macOS to Sequoia 15.7.2 or later, push iOS/iPadOS 17.x updates across all managed and BYOD fleets via MDM, and enforce minimum OS version compliance.