CVE-2023-32384

7.8 HIGH

📋 TL;DR

This CVE describes a buffer overflow in ImageIO, Apple's shared image-decoding framework, that can lead to arbitrary code execution when a maliciously crafted image is processed. Apple addressed it with improved bounds checking. Because ImageIO is used by Safari, Mail, Messages, Preview, Photos and any app that decodes images through system frameworks, the bug is reachable from many delivery paths, and it affects iOS, iPadOS, macOS, watchOS and tvOS. A successful exploit runs code in the context of whatever process decoded the image.

💻 Affected Systems

Products:
  • iOS
  • iPadOS
  • macOS
  • watchOS
  • tvOS
Versions: Versions before watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6, iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5, iPadOS 16.5
Operating Systems: iOS, iPadOS, macOS, watchOS, tvOS
Default Config Vulnerable: ⚠️ Yes
Notes: All devices running affected versions are vulnerable when processing images through system components or applications using system image libraries.

📦 What is this software?

macOS by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...


⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete device compromise, data theft, and persistent backdoor installation.

🟠 Likely Case: Application crash, or limited code execution inside a sandboxed process (for example a renderer or Mail), which still exposes that process's data and becomes a foothold for a separate sandbox escape or privilege escalation.

🟢 If Mitigated: No impact if patched; limited impact if the decoding process is sandboxed and platform memory protections (ASLR, PAC on arm64e, hardened runtime) are enforced.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires a victim to open, preview or otherwise render a crafted image (user interaction), but no credentials or prior access. Turning a parser buffer overflow into reliable code execution rather than a crash usually depends on format-specific conditions and on the heap layout of the target process, which is why this is rated medium complexity rather than low.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6, iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5, iPadOS 16.5

Vendor Advisory: https://support.apple.com/en-us/HT213757

Restart Required: Yes

Instructions:

1. iOS/iPadOS: Settings > General > Software Update, then install the update.
2. watchOS: on the watch, Settings > General > Software Update, or on the paired iPhone, Watch app > General > Software Update.
3. tvOS: Settings > System > Software Updates.
4. macOS Ventura: System Settings > General > Software Update. macOS Big Sur and Monterey: System Preferences > Software Update.
5. Restart the device after installation; the patched ImageIO is not in use by running processes until they relaunch.

🔧 Temporary Workarounds

Disable automatic image processing (applies to: all platforms)

Configure applications to not automatically process images from untrusted sources. A concrete example is blocking remote content in Mail (macOS: Mail > Settings > Privacy > Block All Remote Content; iOS/iPadOS: Settings > Mail > Privacy Protection > Block All Remote Content). This is partial at best: ImageIO is a system-wide framework, so Messages previews, Safari, and any app that renders attachments still decode images.

Network filtering (applies to: all platforms)

Block or filter image files from untrusted sources at the network perimeter. Note that images arrive inside TLS-protected web, mail and messaging traffic, so perimeter filtering only covers what your proxy or mail gateway can inspect.

🧯 If You Can't Patch

  • Isolate affected devices from untrusted networks and limit internet access.
  • Implement application whitelisting (on Apple platforms, Gatekeeper policy and MDM restrictions) to prevent execution of unauthorized code. This does not stop the overflow itself, which runs inside an already-allowed app; it limits what a second-stage payload can launch afterwards.

🔍 How to Verify

Check if Vulnerable:

Check current OS version against affected versions list. On iOS/iPadOS: Settings > General > About > Version. On macOS: Apple menu > About This Mac > macOS version.

Check Version:

iOS/iPadOS/watchOS/tvOS: No command line; use the Settings GUI, or read the OS version from an MDM device inventory. macOS: sw_vers -productVersion (add sw_vers -buildVersion if you track builds).

Verify Fix Applied:

Verify that the installed OS version matches or exceeds the patched version for that release line listed under Official Fix above (for example macOS 13.4 or later on Ventura, 12.6.6 or later on Monterey, 11.7.7 or later on Big Sur).
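A fleet-friendly way to do this check on macOS is a script that compares sw_vers output against the patched version for the running release line. The script below is an added example written for this page, not code from Apple or the original advisory. It assumes the fix versions from the Official Fix section (Big Sur 11.7.7, Monterey 12.6.6, Ventura 13.4), assumes any later major release ships the fix, and reports "unknown" for release lines the page lists no fix for.

```shell
#!/bin/sh
# Added example (not from Apple or the original page): is this macOS version
# at or past the CVE-2023-32384 fix for its release line?

# field STR N: Nth dot-separated component of STR, empty string if absent.
# A trailing '.' is appended so cut always sees a delimiter.
field() {
    printf '%s.\n' "$1" | cut -d. -f"$2"
}

# vercmp A B: returns 0 when dotted version A >= B, comparing numerically
# component by component; missing components count as 0.
vercmp() {
    a="$1"; b="$2"; i=1
    while :; do
        x=$(field "$a" "$i"); y=$(field "$b" "$i")
        [ -z "$x" ] && [ -z "$y" ] && return 0
        x=${x:-0}; y=${y:-0}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
        i=$((i + 1))
    done
}

# macos_patched VERSION: prints "patched", "vulnerable" or "unknown".
macos_patched() {
    v="$1"
    major=$(field "$v" 1)
    case "$major" in
        11) fix=11.7.7 ;;   # Big Sur
        12) fix=12.6.6 ;;   # Monterey
        13) fix=13.4 ;;     # Ventura
        *)
            # Assumption: release lines after Ventura were built with the fix.
            # Older lines (e.g. Catalina) have no fix listed on this page.
            if [ "$major" -gt 13 ]; then echo patched; else echo unknown; fi
            return
            ;;
    esac
    if vercmp "$v" "$fix"; then echo patched; else echo vulnerable; fi
}

# When run directly on a Mac, report the live system's status.
if [ "$(uname -s)" = "Darwin" ]; then
    cur=$(sw_vers -productVersion)
    echo "macOS $cur: $(macos_patched "$cur")"
fi
```

Run it as a one-shot on a host or push it through your MDM as a script payload; the function can also be fed version strings from an inventory export rather than sw_vers.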

📡 Detection & Monitoring

Log Indicators:

  • Crash reports for image-handling processes (Preview, Mail, Messages, Safari content processes, Photos) whose crashed thread has ImageIO or CoreGraphics frames near the top. On macOS these land in /Library/Logs/DiagnosticReports and ~/Library/Logs/DiagnosticReports; on iOS they are visible under Settings > Privacy & Security > Analytics & Improvements > Analytics Data.
  • Exception Type EXC_BAD_ACCESS (SIGSEGV or SIGBUS) with KERN_INVALID_ADDRESS codes in those reports. A cluster of such crashes across several users shortly after receiving the same attachment is the strongest signal.

Network Indicators:

  • Unusual outbound connections after image file downloads
  • Suspicious image file transfers to endpoints

SIEM Query:

Crash information on macOS is written to crash reports and the unified log rather than to a "buffer overflow" string in system.log, so search for the terms that actually appear there:

source="*DiagnosticReports*" AND ("ImageIO" OR "CoreGraphics") AND ("EXC_BAD_ACCESS" OR "SIGSEGV" OR "KERN_INVALID_ADDRESS")
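The same triage can run on the endpoint before anything reaches a SIEM. The script below is an added example for this page, not Apple tooling or code from the original advisory. It assumes the legacy text .crash report layout (a line starting with "Exception Type:", a "Thread N Crashed" header, then numbered frame lines whose second field is the image name); the newer JSON .ips format would need a different parser. The two embedded reports are constructed samples, not real crash data.

```shell
#!/bin/sh
# Added example (not Apple tooling): flag crash reports that look like an
# ImageIO/CoreGraphics memory-safety crash, i.e. EXC_BAD_ACCESS with an
# ImageIO or CoreGraphics frame in the top 8 frames of the crashed thread.

# triage_crash: reads one report on stdin, prints "suspicious" or "benign".
triage_crash() {
    awk '
        /^Exception Type:/ && /EXC_BAD_ACCESS/ { bad = 1 }
        /^Thread [0-9]+ Crashed/              { crashed = 1; next }
        /^Thread [0-9]+/                      { crashed = 0 }
        crashed && $1 ~ /^[0-9]+$/ && $1 < 8 &&
            ($2 == "ImageIO" || $2 == "CoreGraphics") { frame = 1 }
        END { print (bad && frame) ? "suspicious" : "benign" }
    '
}

# scan_reports DIR: triage every legacy .crash file in DIR.
scan_reports() {
    for f in "$1"/*.crash; do
        [ -f "$f" ] || continue
        printf '%s\t%s\n' "$(triage_crash < "$f")" "$f"
    done
}

# Constructed sample: Preview faulting inside ImageIO on a bad pointer.
sample_imageio_crash() {
cat <<'EOF'
Process:               Preview [4242]
Path:                  /System/Applications/Preview.app/Contents/MacOS/Preview
Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       KERN_INVALID_ADDRESS at 0x0000000000000040

Thread 0 Crashed::  Dispatch queue: com.apple.main-thread
0   ImageIO                       0x00007ff81a2b3c4d 0x7ff81a200000 + 736333
1   ImageIO                       0x00007ff81a2a1e10 0x7ff81a200000 + 662032
2   CoreGraphics                  0x00007ff8189f3b21 0x7ff8189c0000 + 211745
3   Preview                       0x000000010a3f2b44 0x10a3e0000 + 76612

Thread 1::
0   libsystem_kernel.dylib        0x00007ff8111b3c5e 0x7ff81119a000 + 105566
EOF
}

# Constructed sample: an abort() in ImageIO (assertion failure), not a
# memory-access fault, so it should not be flagged.
sample_benign_crash() {
cat <<'EOF'
Process:               Preview [4243]
Exception Type:        EXC_CRASH (SIGABRT)
Exception Codes:       0x0000000000000000, 0x0000000000000000

Thread 0 Crashed::  Dispatch queue: com.apple.main-thread
0   libsystem_kernel.dylib        0x00007ff8111b9a1e 0x7ff81119a000 + 129566
1   libsystem_pthread.dylib       0x00007ff8111f1e5e 0x7ff8111ee000 + 15966
2   libsystem_c.dylib             0x00007ff8110d8b7e 0x7ff811058000 + 527230
3   ImageIO                       0x00007ff81a2b0102 0x7ff81a200000 + 721154
EOF
}

# Stand-alone run: show verdicts for the two samples, then scan the user's
# DiagnosticReports directory if it exists.
sample_imageio_crash | triage_crash
sample_benign_crash  | triage_crash
[ -d "$HOME/Library/Logs/DiagnosticReports" ] && scan_reports "$HOME/Library/Logs/DiagnosticReports"
```

Forwarding only the "suspicious" lines keeps the SIEM volume down while preserving the signal that matters here: a fault, not an abort, with the decoding framework on the crashed stack.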

🔗 References

  • Apple security advisory (macOS Ventura 13.4): https://support.apple.com/en-us/HT213757
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2023-32384