CVE-2023-32366

7.8 HIGH

📋 TL;DR

This vulnerability allows attackers to execute arbitrary code by tricking users into processing malicious font files. It affects Apple macOS, iOS, and iPadOS users who haven't updated to the patched versions.

💻 Affected Systems

Products:
  • macOS
  • iOS
  • iPadOS
Versions: Versions before macOS Big Sur 11.7.5, macOS Ventura 13.3, macOS Monterey 12.6.4, iOS 16.4, iPadOS 16.4, iOS 15.7.4, iPadOS 15.7.4
Operating Systems: macOS, iOS, iPadOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations are vulnerable. The vulnerability is in font processing components.

📦 What is this software?

macOS by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...


⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with kernel-level privileges leading to data theft, ransomware deployment, or persistent backdoor installation.

🟠

Likely Case

Malicious font files delivered via phishing or compromised websites lead to user-level code execution, potentially escalating to full system access.

🟢

If Mitigated

With proper patching, the vulnerability is eliminated; with network controls, malicious font delivery can be blocked.

🌐 Internet-Facing: MEDIUM - Attackers can host malicious font files on websites or deliver via email, but requires user interaction.
🏢 Internal Only: LOW - Requires internal attackers to place malicious font files where users will process them.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to process malicious font files. No public exploit code is known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: macOS Big Sur 11.7.5, macOS Ventura 13.3, macOS Monterey 12.6.4, iOS 16.4, iPadOS 16.4, iOS 15.7.4, iPadOS 15.7.4

Vendor Advisory: https://support.apple.com/en-us/HT213670

Restart Required: Yes

Instructions:

1. Go to System Settings > General > Software Update.
2. Install available updates.
3. Restart the device when prompted.

🔧 Temporary Workarounds

Block suspicious font files (applies to: all platforms)

Use email/web gateways to block .ttf, .otf, and other font file attachments from untrusted sources.

User education (applies to: all platforms)

Train users not to open font files from unknown sources and to verify file extensions.

🧯 If You Can't Patch

  • Implement application allowlisting to prevent unauthorized font processing applications.
  • Use network segmentation to isolate vulnerable systems from internet and untrusted networks.

🔍 How to Verify

Check if Vulnerable:

Check current OS version against affected versions list. On macOS: System Settings > General > About. On iOS/iPadOS: Settings > General > About.

Check Version:

  • macOS: sw_vers -productVersion
  • iOS/iPadOS: Settings > General > About > Version

Verify Fix Applied:

Verify that the installed OS version matches or exceeds the patched version for its release line, as listed under Official Fix above.
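As an added example (not part of this record or of Apple's advisory), the following POSIX shell check classifies a macOS version string, such as the output of sw_vers -productVersion, against the patched Big Sur, Monterey and Ventura releases listed above; the function names are this example's own, and release lines not named in the record are reported as unknown rather than guessed.

```shell
# Added example: classify a macOS product version against the patched
# releases listed in this record for CVE-2023-32366. Function names are
# this example's own, not from Apple or the advisory.

# Minimum patched version for each affected macOS major release.
patched_for_major() {
  case "$1" in
    11) echo "11.7.5" ;;   # macOS Big Sur
    12) echo "12.6.4" ;;   # macOS Monterey
    13) echo "13.3" ;;     # macOS Ventura
    *)  echo "" ;;         # major not listed in the advisory
  esac
}

# Print "yes" if dotted version $1 >= $2 (numeric, component-wise),
# treating missing trailing components as 0 (so 13.3 equals 13.3.0).
version_ge() {
  printf '%s %s\n' "$1" "$2" | awk '{
    n = split($1, a, "."); m = split($2, b, ".")
    k = (n > m) ? n : m
    for (i = 1; i <= k; i++) {
      x = (i in a) ? a[i] + 0 : 0
      y = (i in b) ? b[i] + 0 : 0
      if (x < y) { print "no"; exit }
      if (x > y) { print "yes"; exit }
    }
    print "yes"
  }'
}

# Print patched/vulnerable/unknown for a version string such as the output
# of `sw_vers -productVersion`. Exit status: 0 patched, 1 vulnerable,
# 2 major release not covered by this record.
cve_2023_32366_status() {
  ver="$1"
  major="${ver%%.*}"
  min="$(patched_for_major "$major")"
  if [ -z "$min" ]; then
    echo "unknown"; return 2
  fi
  if [ "$(version_ge "$ver" "$min")" = "yes" ]; then
    echo "patched"; return 0
  fi
  echo "vulnerable"; return 1
}

# On a Mac: cve_2023_32366_status "$(sw_vers -productVersion)"
```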

📡 Detection & Monitoring

Log Indicators:

  • Unusual font file processing from untrusted sources
  • Crash reports from font processing services

Network Indicators:

  • Downloads of font files from suspicious domains
  • Font file transfers via email attachments

SIEM Query:

source="*font*" AND (event="crash" OR event="malicious")
