CVE-2023-32428 — Vulnetix

CVE-2023-32428 PUBLISHED CVSS 8.600000381469727 HIGH

In Apple iOS und Apple iPadOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten "Accessibility", "Apple Neural Engine", "AppleMobileFileIntegrity", "Associated Domains", "Cellular", "CoreLocation", "Core Services", "ImageIO", "IOSurfaceAccelerator", "Kernel, "LaunchServices", "Metal", "Model I/O", "NetworkExtension", "PDFKit", "Photos", "Sandbox", "Security", "Shortcuts", "Siri", "SQLite", "StorageKit", "System Settings", "Telephony", "TV App", "Weather", "WebKit" sowie "Wi-Fi". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich.

EPSS 1.12% · 78.6th percentile

Risk Scores

CVSS 4.0

8.600000381469727

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS Score

1.12%

78.6th percentile

Exploit Intelligence

gergelykalman/CVE-2023-32428-a-macOS-LPE-via-MallocStackLogging (github-poc-repo)
gergelykalman/CVE-2023-32428-a-macOS-LPE-via-MallocStackLogging (github-poc-repo)
gergelykalman/CVE-2023-32428-a-macOS-LPE-via-MallocStackLogging (github-poc-repo)
gergelykalman/CVE-2023-32428-a-macOS-LPE-via-MallocStackLogging (github-poc-repo)
gergelykalman/CVE-2023-32428-a-macOS-LPE-via-MallocStackLogging (github-poc-repo)
gergelykalman/CVE-2023-32428-a-macOS-LPE-via-MallocStackLogging (github-poc-repo)
gergelykalman/CVE-2023-32428-a-macOS-LPE-via-MallocStackLogging (github-poc-repo)
gergelykalman/CVE-2023-32428-a-macOS-LPE-via-MallocStackLogging (github-poc)
gergelykalman/CVE-2023-32428-a-macOS-LPE-via-MallocStackLogging (github-poc)
gergelykalman/CVE-2023-32428-a-macOS-LPE-via-MallocStackLogging (github-poc)

…and 30 more exploits

Timeline

May 18, 2023 CVE Published
Sep 6, 2023 EPSS Score
Oct 9, 2023 EPSS Score
Nov 10, 2023 EPSS Score
Dec 13, 2023 EPSS Score
Jan 15, 2024 EPSS Score
Mar 20, 2024 EPSS Score
Apr 22, 2024 EPSS Score
May 24, 2024 EPSS Score
Jun 26, 2024 EPSS Score
Jul 29, 2024 EPSS Score
Aug 30, 2024 EPSS Score

References

https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1251.json advisory
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1251 advisory
https://support.apple.com/HT213758 advisory
https://support.apple.com/HT213759 advisory
https://support.apple.com/HT213760 advisory
https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1252.json advisory
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1252 advisory
https://support.apple.com/HT213765 advisory
https://support.apple.com/HT213757 advisory

Open in Interactive Console →