CVE-2023-32413

HIGH

iPadOS < 15.7.6 - Race Condition Leading to Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-32413. PoCs published by synacktiv.

AI-analyzed exploit summary This is a functional local privilege escalation (LPE) exploit for CVE-2023-32413, targeting macOS. It leverages a TOCTOU (Time-of-Check to Time-of-Use) vulnerability to overwrite files and achieve root privileges.

Description

A race condition was addressed with improved state handling. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to gain root privileges.

Exploits (1)

nomisec WORKING POC 15 stars

by synacktiv · poc

https://github.com/synacktiv/CVE-2023-32413

View Code ZIP pw:eip

This is a functional local privilege escalation (LPE) exploit for CVE-2023-32413, targeting macOS. It leverages a TOCTOU (Time-of-Check to Time-of-Use) vulnerability to overwrite files and achieve root privileges.

Classification

Working Poc 100%

Attack Type

Lpe

Complexity

Complex

Reliability

Reliable

Target: macOS (versions vulnerable to CVE-2023-32413)

No auth needed

Prerequisites: Local access to a vulnerable macOS system

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1548.002 - Bypass User Account Control

devstral-2 · analyzed Feb 16, 2026 Full analysis →