CVE-2023-32434
An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.5.2, macOS Big Sur 11.7.8, iOS 15.7.7 and iPadOS...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- May 08, 2023
- Published Date
- June 23, 2023
- Last Updated
- February 13, 2025
- Vendor
- Apple
- Product
- macOS, iOS and iPadOS, watchOS
- Description
- An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.5.2, macOS Big Sur 11.7.8, iOS 15.7.7 and iPadOS 15.7.7, macOS Monterey 12.6.7, watchOS 8.8.1, iOS 16.5.1 and iPadOS 16.5.1, macOS Ventura 13.4.1. An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.
CVSS Scores
CVSS v3.1
7.8 - HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
SSVC Information
- Exploitation
- active
- Technical Impact
- total
Exploit Status
- Exploited in the Wild
- Yes (added 2023-06-23 00:00:00 UTC) Source
References
https://support.apple.com/en-us/HT213810
https://support.apple.com/en-us/HT213811
https://support.apple.com/en-us/HT213814
https://support.apple.com/en-us/HT213808
https://support.apple.com/en-us/HT213812
https://support.apple.com/en-us/HT213813
https://support.apple.com/en-us/HT213809
https://support.apple.com/kb/HT213990
http://seclists.org/fulldisclosure/2023/Oct/20
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CISA | 2023-06-23 00:00:00 UTC |