CVE-2023-32434

Summary

An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.5.2, macOS Big Sur 11.7.8, iOS 15.7.7 and iPadOS 15.7.7, macOS Monterey 12.6.7, watchOS 8.8.1, iOS 16.5.1 and iPadOS 16.5.1, macOS Ventura 13.4.1. An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.

Affected Software

VendorProductVersion RangeStatus
ApplemacOSunspecified < 12.6affected
AppleiOS and iPadOSunspecified < 15.7affected
AppleiOS and iPadOSunspecified < 16.5affected
ApplewatchOSunspecified < 8.8affected
ApplewatchOSunspecified < 9.5affected
ApplemacOSunspecified < 13.4affected
ApplemacOSunspecified < 11.7affected

Weaknesses

  • An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: no
    • Technical Impact: total

Additional References

References