CVE-2023-32412

9.8 CRITICAL

📋 TL;DR

This is a critical use-after-free vulnerability in Apple operating systems that allows remote attackers to cause application crashes or execute arbitrary code. It affects multiple Apple platforms including iOS, iPadOS, macOS, watchOS, and tvOS. Attackers can exploit this without authentication to potentially take control of affected devices.

💻 Affected Systems

Products:
  • iOS
  • iPadOS
  • macOS
  • watchOS
  • tvOS
Versions: All releases prior to the patched versions listed in the advisory
Operating Systems: Apple iOS, Apple iPadOS, Apple macOS, Apple watchOS, Apple tvOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations are vulnerable. No special configuration required for exploitation.

📦 What is this software?

macOS by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise, data theft, and persistent access to the device.

🟠 Likely Case

Application crashes and denial of service, with potential for limited code execution depending on exploit sophistication.

🟢 If Mitigated

Minimal impact if patched; unpatched systems remain vulnerable to remote exploitation.

🌐 Internet-Facing: HIGH - Remote attackers can exploit this without authentication over network connections.
🏢 Internal Only: HIGH - Internal attackers or malware could exploit this locally on vulnerable systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Use-after-free vulnerabilities typically require specific memory manipulation techniques but are frequently weaponized once understood.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6, iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5, iPadOS 16.5

Vendor Advisory: https://support.apple.com/en-us/HT213757

Restart Required: Yes

Instructions:

1. On iOS, iPadOS, watchOS and tvOS, go to Settings > General > Software Update.
2. On macOS, go to System Settings > General > Software Update.
3. Download and install the latest available update.
4. Restart the device when prompted.

🔧 Temporary Workarounds

Network Segmentation (all platforms)

Restrict network access to Apple devices to reduce attack surface

Application Control (all platforms)

Limit untrusted applications and network services on vulnerable devices

🧯 If You Can't Patch

  • Isolate affected devices from untrusted networks and internet access
  • Implement strict application allowlisting and monitor for suspicious behavior

🔍 How to Verify

Check if Vulnerable:

Check current OS version against patched versions in advisory

Check Version:

  • iOS/iPadOS: Settings > General > About > Version
  • macOS: Apple menu > About This Mac > macOS version
  • watchOS: Watch app > General > About > Version
  • tvOS: Settings > General > About > Version

Verify Fix Applied:

Verify OS version matches or exceeds patched versions listed in the advisory
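The version comparison described above, as an added example that is not part of this advisory page: the patched releases come from the Patch Version field, while grouping releases into trains by major version number, treating newer trains as already fixed, and the `sw_vers` fallback are assumptions made here.

```python
# Added example (not from the advisory page): compare an Apple OS version
# against the patched releases this page lists for CVE-2023-32412.
# Assumptions: a release train is identified by its major version number, and
# any major version newer than the last patched train already ships the fix.
import re
import subprocess

# Patched releases from the Patch Version field, keyed by product and train (major version).
PATCHED = {
    "macOS":   {11: "11.7.7", 12: "12.6.6", 13: "13.4"},
    "iOS":     {15: "15.7.6", 16: "16.5"},
    "iPadOS":  {15: "15.7.6", 16: "16.5"},
    "watchOS": {9: "9.5"},
    "tvOS":    {16: "16.5"},
}


def parse_version(text):
    """Turn '13.3.1' (or '13.3.1 (a)' from a Rapid Security Response) into a tuple of ints."""
    match = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def is_vulnerable(product, version):
    """True if this product/version predates the patched release of its train."""
    installed = parse_version(version)
    trains = PATCHED[product]
    major = installed[0]
    if major in trains:
        return installed < parse_version(trains[major])
    if major > max(trains):
        return False  # assumption: newer trains were released after the fix
    return True  # older train with no fix listed on this page: treat as vulnerable


def local_macos_version():
    """Read the running macOS version with sw_vers (only works on a Mac)."""
    return subprocess.check_output(["sw_vers", "-productVersion"], text=True).strip()


if __name__ == "__main__":
    try:
        version = local_macos_version()
    except (OSError, subprocess.CalledProcessError):
        version = "13.3.1"  # constructed sample value for non-Mac hosts
    state = "VULNERABLE" if is_vulnerable("macOS", version) else "patched"
    print(f"macOS {version}: {state}")
```

The same `is_vulnerable` check can be fed version strings exported from an MDM inventory to triage a fleet rather than a single Mac.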

📡 Detection & Monitoring

Log Indicators:

  • Unexpected application crashes
  • Memory access violation logs
  • Kernel panic reports

Network Indicators:

  • Unusual network connections from Apple devices
  • Suspicious payloads targeting Apple services

SIEM Query:

source="apple-devices" AND (event_type="crash" OR event_type="memory_violation")
