CVE-2023-32434

HIGH KEV

iPadOS < 15.7.7 - Integer Overflow to Kernel Code Execution

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2023-32434 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added June 23, 2023. EIP tracks 2 public exploits from researchers including alfiecg24, rkrakesh524.

AI-analyzed exploit summary Trigon is a deterministic kernel exploit for CVE-2023-32434, targeting iOS 13-15.7.6 on A9-A11 devices. It leverages an integer overflow in XNU's VM layer to achieve arbitrary physical address read/write primitives, bypassing page table restrictions.

Description

An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.5.2, macOS Big Sur 11.7.8, iOS 15.7.7 and iPadOS 15.7.7, macOS Monterey 12.6.7, watchOS 8.8.1, iOS 16.5.1 and iPadOS 16.5.1, macOS Ventura 13.4.1. An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.

Exploits (2)

nomisec WORKING POC 121 stars
by alfiecg24 · local
https://github.com/alfiecg24/Trigon

Trigon is a deterministic kernel exploit for CVE-2023-32434, targeting iOS 13-15.7.6 on A9-A11 devices. It leverages an integer overflow in XNU's VM layer to achieve arbitrary physical address read/write primitives, bypassing page table restrictions.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Complex
Reliability
Reliable
Target: Apple iOS 13.0 - 15.7.6 (XNU kernel)
No auth needed
Prerequisites: A9-A11 device running vulnerable iOS version · Local access to the device
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WRITEUP
by rkrakesh524 · poc
https://github.com/rkrakesh524/oob_entry

This repository is a research-oriented documentation project focused on iOS kernel security and tfp0 access concepts. It emphasizes ethical, authorized research and does not contain exploit code or actionable steps for unauthorized access.

Classification
Writeup 90%
Attack Type
Other
Complexity
Moderate
Reliability
Theoretical
Target: iOS kernel (general)
Auth required
Prerequisites: Authorized lab environment · Written permission for testing · Isolated iOS devices
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (10)

Core 10

Scores

CVSS v3 7.8
EPSS 0.5238
EPSS Percentile 98.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Details

CISA KEV 2023-06-23
VulnCheck KEV 2023-06-21
InTheWild.io 2023-06-21
ENISA EUVD EUVD-2023-36678
CWE
CWE-190
Status published
Products (4)
apple/ipados < 15.7.7
apple/iphone_os < 15.7.7
apple/macos 11.0 - 11.7.8
apple/watchos < 8.8.1
Published Jun 23, 2023
KEV Added Jun 23, 2023
Tracked Since Feb 18, 2026