CVE-2023-32407

MEDIUM

iPadOS < 15.7.6 - Privacy Preferences Bypass via Logic Issue

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-32407. PoCs published by gergelykalman.

AI-analyzed exploit summary This PoC exploits CVE-2023-32407, a macOS TCC bypass vulnerability in Metal, by manipulating directory symlinks and file operations to overwrite the TCC.db file, effectively bypassing Transparency, Consent, and Control protections.

Description

A logic issue was addressed with improved state management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to bypass Privacy preferences.

Exploits (1)

nomisec WORKING POC 11 stars

by gergelykalman · poc

https://github.com/gergelykalman/CVE-2023-32407-a-macOS-TCC-bypass-in-Metal

View Code ZIP pw:eip

This PoC exploits CVE-2023-32407, a macOS TCC bypass vulnerability in Metal, by manipulating directory symlinks and file operations to overwrite the TCC.db file, effectively bypassing Transparency, Consent, and Control protections.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Complex

Reliability

Racy

Target: macOS (specific version not specified)

No auth needed

Prerequisites: Access to the target system · Ability to execute Python scripts · Specific macOS environment with Metal and TCC

MITRE ATT&CK

T1548.002 - Bypass User Account Control

devstral-2 · analyzed Feb 16, 2026 Full analysis →