- Description
- An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.5.2, macOS Big Sur 11.7.8, iOS 15.7.7 and iPadOS 15.7.7, macOS Monterey 12.6.7, watchOS 8.8.1, iOS 16.5.1 and iPadOS 16.5.1, macOS Ventura 13.4.1. An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.
- Source
- product-security@apple.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- Apple Multiple Products Integer Overflow Vulnerability
- Exploit added on
- Jun 23, 2023
- Exploit action due
- Jul 14, 2023
- Required action
- Apply updates per vendor instructions.
- Hype score
- Not currently trending
Execing the CVE-2023-32434 using a deterministic exploit strategy (100% success rate)! ARM64e is certainly not as easy, but for now all of #arm64 should be doable with this strategy. https://t.co/ZpFv6AFQuo
@byt3n33dl3
23 Jan 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Full kernel read/write with CVE-2023-32434 using a deterministic exploit strategy (100% success rate)! arm64e is certainly not as easy, but for now all of arm64 should be doable with this strategy. Shoutout to @staturnzdev and @imnotclarity for lots of help and ideas. https://t.c
@alfiecg_dev
22 Jan 2025
25640 Impressions
60 Retweets
435 Likes
94 Bookmarks
14 Replies
2 Quotes
Top 5 Trending CVEs: 1 - CVE-2023-32434 2 - CVE-2024-49113 3 - CVE-2024-43405 4 - CVE-2024-10957 5 - CVE-2024-30078 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
6 Jan 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2023-32434 is much more powerful than just a PUAF - it can also be used as a physical mapping primitive. This allows for a deterministic exploit that doesn’t use any memory corruption. I don’t have a complete exploit yet, but so far it’s been a fun project! https://t.co/hhvej
@alfiecg_dev
5 Jan 2025
27201 Impressions
26 Retweets
266 Likes
58 Bookmarks
7 Replies
2 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E8FAA574-E1B0-4BB4-934A-7B9D7D4363B0",
"versionEndExcluding": "15.7.7"
},
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C9696FA8-BED8-44C1-8F9F-70D7B61E861D",
"versionEndExcluding": "16.5.1",
"versionStartIncluding": "16.0"
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B94C7DA5-DA67-4FFB-AB79-62CE457357D1",
"versionEndExcluding": "15.7.7"
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "264BAADE-3DE3-4698-B182-15802C36FB19",
"versionEndExcluding": "16.5.1",
"versionStartIncluding": "16.0"
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A6FCD0AD-BB08-44D1-9E14-24C4D940B760",
"versionEndExcluding": "11.7.8",
"versionStartIncluding": "11.0"
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "969D98EE-69B3-4F88-8170-4FBBABFEEB15",
"versionEndExcluding": "12.6.7",
"versionStartIncluding": "12.0.0"
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3405331D-E4E6-4362-91C7-0F50DA398938",
"versionEndExcluding": "13.4.1",
"versionStartIncluding": "13.0"
},
{
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "757EE36B-8601-4676-B3C8-5A58D5BBF611",
"versionEndExcluding": "8.8.1"
},
{
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B8B4BDE3-1FAB-4716-AEDF-DC20E0A74B04",
"versionEndExcluding": "9.5.2",
"versionStartIncluding": "9.0"
}
],
"operator": "OR"
}
]
}
]