CVE-2023-32434

CVSS 7.8 HIGH | EPSS 51.5% | KEV | CWE-190

In short

A flaw in how Apple systems handle very large numbers (an integer overflow) could allow a malicious app to run code with the highest system privileges. This is a serious issue because it gives attackers complete control over the device.

Technical detail

An integer overflow vulnerability in Apple's kernel allows a local app to execute arbitrary code with kernel-level privileges; Apple addressed it with improved input validation. The vulnerability affects multiple iOS, iPadOS, macOS, and watchOS versions. Apple is aware of a report that it may have been actively exploited against versions of iOS released before iOS 15.7.

Summary generated and translated by AI from the official description.
An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.5.2, macOS Big Sur 11.7.8, iOS 15.7.7 and iPadOS 15.7.7, macOS Monterey 12.6.7, watchOS 8.8.1, iOS 16.5.1 and iPadOS 16.5.1, macOS Ventura 13.4.1. An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H