GSD-2023-32434
PUBLISHED
CVSS 7.8 HIGH
An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.5.2, macOS Big Sur 11.7.8, iOS 15.7.7 and iPadOS 15.7.7, macOS Monterey 12.6.7, watchOS 8.8.1, iOS 16.5.1 and iPadOS 16.5.1, macOS Ventura 13.4.1. An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.
Risk Scores
CVSS v3.1
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | macOS | unspecified, unspecified, * |
| Apple | watchOS | *, unspecified |
| Apple | iOS and iPadOS | unspecified, unspecified |
Timeline
- May 19, 2023 CVE Published
- Jun 23, 2023 PoC Published
- Jun 23, 2023 PoC Published
- May 9, 2024 PoC Published
- Dec 24, 2024 PoC Published
- Feb 2, 2025 PoC Published
- Feb 23, 2025 PoC Published
- Aug 19, 2025 PoC Published
- Aug 31, 2025 PoC Published
- Jan 28, 2026 PoC Published
- Feb 2, 2026 PoC Published
- Mar 26, 2026 PoC Published
References
- https://support.apple.com/en-us/HT213808
- https://support.apple.com/en-us/HT213810
- https://support.apple.com/en-us/HT213811
- https://support.apple.com/en-us/HT213814
- https://support.apple.com/en-us/HT213812
- https://support.apple.com/en-us/HT213813
- https://support.apple.com/en-us/HT213809
- https://support.apple.com/kb/HT213990
- http://seclists.org/fulldisclosure/2023/Oct/20
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-32434