Login Sign Up

CVE-2023-32381

7.8 HIGH

📋 TL;DR

This CVE describes a use-after-free vulnerability in Apple operating systems that allows an application to execute arbitrary code with kernel privileges. Attackers could gain complete control over affected devices. All users running vulnerable versions of macOS, iOS, iPadOS, tvOS, and watchOS are affected.

💻 Affected Systems

Products:
  • macOS
  • iOS
  • iPadOS
  • tvOS
  • watchOS
Versions: Versions prior to macOS Monterey 12.6.8, iOS 16.6, iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6
Operating Systems: Apple macOS, Apple iOS, Apple iPadOS, Apple tvOS, Apple watchOS
Default Config Vulnerable: ⚠️ Yes
Notes: All standard configurations are vulnerable. No special configuration required for exploitation.

📦 What is this software?

Ipados by Apple

View all CVEs affecting Ipados →

Iphone Os by Apple

View all CVEs affecting Iphone Os →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Tvos by Apple

View all CVEs affecting Tvos →

Watchos by Apple

View all CVEs affecting Watchos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with kernel-level privileges, allowing attackers to install persistent malware, steal sensitive data, bypass security controls, and pivot to other systems.

🟠

Likely Case

Local privilege escalation where a malicious app gains kernel privileges to bypass sandboxing and access protected system resources.

🟢

If Mitigated

Limited impact if systems are fully patched, running in restricted environments, or have additional security controls like application allowlisting.

🌐 Internet-Facing: LOW
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access or ability to run malicious code on the target system. Use-after-free vulnerabilities typically require precise timing and memory manipulation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: macOS Monterey 12.6.8, iOS 16.6, iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6

Vendor Advisory: https://support.apple.com/en-us/HT213841

Restart Required: Yes

Instructions:

1. Open System Settings (macOS) or Settings (iOS/iPadOS). 2. Navigate to General > Software Update. 3. Download and install the latest available update. 4. Restart the device when prompted.

🔧 Temporary Workarounds

Application Restriction

all

Restrict installation of untrusted applications to reduce attack surface

For macOS: sudo spctl --master-enable
For iOS/iPadOS: Enable 'Restrictions' in Settings > Screen Time > Content & Privacy Restrictions

🧯 If You Can't Patch

  • Isolate affected systems from critical networks and sensitive data
  • Implement strict application control policies to prevent execution of untrusted code

🔍 How to Verify

Check if Vulnerable:

Check current OS version against patched versions listed in Apple advisories

Check Version:

macOS: sw_vers -productVersion, iOS/iPadOS: Settings > General > About > Version, tvOS: Settings > General > About > Version, watchOS: Watch app on iPhone > General > About > Version

Verify Fix Applied:

Verify OS version matches or exceeds patched versions: macOS Monterey 12.6.8+, iOS 16.6+, iPadOS 16.6+, tvOS 16.6+, macOS Big Sur 11.7.9+, macOS Ventura 13.5+, watchOS 9.6+

📡 Detection & Monitoring

Log Indicators:

  • Unexpected kernel panics or crashes
  • Unusual process spawning with elevated privileges
  • Unauthorized kernel module loading

Network Indicators:

  • Unusual outbound connections from system processes
  • Command and control traffic from kernel-level processes

SIEM Query:

source="apple_system_logs" AND (event="kernel_panic" OR process="kernel_task" AND action="unexpected")

📊 Metadata

CVE ID: CVE-2023-32381
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-416
Published: July 27, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-32381, you might also want to check these:

CVE-2025-24085 10.0

This CVE describes a use-after-free vulnerability (CWE-416) in Apple operating systems that allows m...

Same vulnerability type (CWE-416)
CVE-2024-43102 10.0

This CVE describes a use-after-free vulnerability in FreeBSD's umtx (user mutex) subsystem where con...

Same vulnerability type (CWE-416)
CVE-2021-33796 10.0

CVE-2021-33796 is a use-after-free vulnerability in MuJS's regexp source property access that can le...

Same vulnerability type (CWE-416)