CVE-2023-32434

HIGH KEV

Apple Ipados < 15.7.7 - Integer Overflow

Title source: rule

Description

An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.5.2, macOS Big Sur 11.7.8, iOS 15.7.7 and iPadOS 15.7.7, macOS Monterey 12.6.7, watchOS 8.8.1, iOS 16.5.1 and iPadOS 16.5.1, macOS Ventura 13.4.1. An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.

Exploits (3)

nomisec WORKING POC 121 stars

by alfiecg24 · local

https://github.com/alfiecg24/Trigon

View Code ZIP pw:eip

nomisec WRITEUP

by rkrakesh524 · poc

https://github.com/rkrakesh524/oob_entry

View Code ZIP pw:eip

inthewild

poc

https://github.com/zzy3312/cve-2023-32434

View on inthewild

References (10)

[Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2023/Oct/20

[Vendor Advisory] https://support.apple.com/en-us/HT213808

[Vendor Advisory] https://support.apple.com/en-us/HT213809

[Vendor Advisory] https://support.apple.com/en-us/HT213810

[Vendor Advisory] https://support.apple.com/en-us/HT213811

[Vendor Advisory] https://support.apple.com/en-us/HT213812

[Vendor Advisory] https://support.apple.com/en-us/HT213813

[Vendor Advisory] https://support.apple.com/en-us/HT213814

[Vendor Advisory] https://support.apple.com/kb/HT213990

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-32434

Scores

CVSS v3 7.8

EPSS 0.5775

EPSS Percentile 98.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CISA KEV 2023-06-23

VulnCheck KEV 2023-06-21

InTheWild.io 2023-06-21

ENISA EUVD EUVD-2023-36678

CWE

CWE-190

Status published

Products (4)

apple/ipados < 15.7.7

apple/iphone_os < 15.7.7

apple/macos 11.0 - 11.7.8

apple/watchos < 8.8.1

Published Jun 23, 2023

KEV Added Jun 23, 2023

Tracked Since Feb 18, 2026