Apple Multiple Products Integer Overflow Vulnerability
Summary
| CVE | CVE-2023-32434 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-06-23 18:15:00 UTC |
| Updated | 2023-10-25 23:15:00 UTC |
| Description | An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.5.2, macOS Big Sur 11.7.8, iOS 15.7.7 and iPadOS 15.7.7, macOS Monterey 12.6.7, watchOS 8.8.1, iOS 16.5.1 and iPadOS 16.5.1, macOS Ventura 13.4.1. An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7. |
Risk And Classification
EPSS: 0.612480000 probability, percentile 0.983010000 (date 2026-04-01)
CISA KEV: Listed on 2023-06-23; due 2023-07-14; ransomware use Unknown
Problem Types: CWE-190
CISA Known Exploited Vulnerability
| Vendor | Apple |
|---|---|
| Product | Multiple Products |
| Name | Apple Multiple Products Integer Overflow Vulnerability |
| Required Action | Apply updates per vendor instructions. |
| Notes | https://support.apple.com/en-us/HT213808, https://support.apple.com/en-us/HT213812, https://support.apple.com/en-us/HT213809, https://support.apple.com/en-us/HT213810, https://support.apple.com/en-us/HT213813, https://support.apple.com/en-us/HT213811, https://support.apple.com/en-us/HT213814; https://nvd.nist.gov/vuln/detail/CVE-2023-32434 |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| About the security content of watchOS 8.8.1 - Apple Support | MISC | support.apple.com | |
| Full Disclosure: APPLE-SA-10-25-2023-3 iOS 15.8 and iPadOS 15.8 | MISC | seclists.org | |
| Full Disclosure: APPLE-SA-2023-06-21-2 iOS 16.5.1 and iPadOS 16.5.1 | FULLDISC | seclists.org | |
| About the security content of macOS Big Sur 11.7.8 - Apple Support | MISC | support.apple.com | |
| Full Disclosure: APPLE-SA-2023-06-21-3 iOS 15.7.7 and iPadOS 15.7.7 | FULLDISC | seclists.org | |
| Full Disclosure: APPLE-SA-2023-06-21-8 watchOS 8.8.1 | FULLDISC | seclists.org | |
| About the security content of iOS 15.8 and iPadOS 15.8 - Apple Support | MISC | support.apple.com | |
| About the security content of iOS 15.7.7 and iPadOS 15.7.7 - Apple Support | MISC | support.apple.com | |
| Full Disclosure: APPLE-SA-2023-06-21-5 macOS Monterey 12.6.7 | FULLDISC | seclists.org | |
| Full Disclosure: APPLE-SA-2023-06-21-7 watchOS 9.5.2 | FULLDISC | seclists.org | |
| About the security content of macOS Monterey 12.6.7 - Apple Support | MISC | support.apple.com | |
| Full Disclosure: APPLE-SA-2023-06-21-6 macOS Big Sur 11.7.8 | FULLDISC | seclists.org | |
| Full Disclosure: APPLE-SA-2023-06-21-4 macOS Ventura 13.4.1 | FULLDISC | seclists.org | |
| About the security content of watchOS 9.5.2 - Apple Support | MISC | support.apple.com | |
| About the security content of macOS Ventura 13.4.1 - Apple Support | MISC | support.apple.com | |
| About the security content of iOS 16.5.1 and iPadOS 16.5.1 - Apple Support | MISC | support.apple.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
| CISA Known Exploited Vulnerabilities catalog | CISA | www.cisa.gov | kev |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 378606 Apple macOS Ventura 13.4.1 Not Installed (HT213813)
- 378607 Apple macOS Monterey 12.6.7 Not Installed (HT213810)
- 378608 Apple macOS Big Sur 11.7.8 Not Installed (HT213809)
- 610489 Apple iOS 16.5.1 and iPadOS 16.5.1 Security Update Missing (HT213814)
- 610490 Apple iOS 15.7.7 and iPadOS 15.7.7 Security Update Missing (HT213811)
- 610522 Apple iOS 15.8 and iPadOS 15.8 Security Update Missing (HT213990)