Login Sign Up

CVE-2023-32434

7.8 HIGH

📋 TL;DR

This CVE-2023-32434 is an integer overflow vulnerability in Apple operating systems that allows malicious applications to execute arbitrary code with kernel privileges. It affects multiple Apple platforms including iOS, iPadOS, macOS, and watchOS. Apple has confirmed this vulnerability may have been actively exploited against versions of iOS released before iOS 15.7.

💻 Affected Systems

Products:
  • iOS
  • iPadOS
  • macOS
  • watchOS
Versions: Versions before watchOS 9.5.2, macOS Big Sur 11.7.8, iOS 15.7.7, iPadOS 15.7.7, macOS Monterey 12.6.7, watchOS 8.8.1, iOS 16.5.1, iPadOS 16.5.1, macOS Ventura 13.4.1
Operating Systems: Apple iOS, Apple iPadOS, Apple macOS, Apple watchOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations are vulnerable. Apple has confirmed active exploitation against pre-iOS 15.7 versions.

📦 What is this software?

Ipados by Apple

View all CVEs affecting Ipados →

Ipados by Apple

View all CVEs affecting Ipados →

Iphone Os by Apple

View all CVEs affecting Iphone Os →

Iphone Os by Apple

View all CVEs affecting Iphone Os →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Watchos by Apple

View all CVEs affecting Watchos →

Watchos by Apple

View all CVEs affecting Watchos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with kernel-level privileges, allowing attackers to install persistent malware, access all user data, bypass security controls, and maintain persistent access to the device.

🟠

Likely Case

Targeted attacks against specific individuals or organizations using malicious applications that exploit this vulnerability to gain elevated privileges and access sensitive information.

🟢

If Mitigated

Limited impact with proper application sandboxing and security controls, though kernel-level access could still bypass many protections.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: CONFIRMED
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user to install and run a malicious application. Apple confirms active exploitation in the wild against older iOS versions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: watchOS 9.5.2, macOS Big Sur 11.7.8, iOS 15.7.7, iPadOS 15.7.7, macOS Monterey 12.6.7, watchOS 8.8.1, iOS 16.5.1, iPadOS 16.5.1, macOS Ventura 13.4.1

Vendor Advisory: https://support.apple.com/en-us/HT213808

Restart Required: Yes

Instructions:

1. Go to Settings > General > Software Update on iOS/iPadOS/watchOS. 2. On macOS, go to System Preferences > Software Update. 3. Download and install the latest available update. 4. Restart the device when prompted.

🔧 Temporary Workarounds

Application Restriction

all

Restrict installation of applications from untrusted sources and only install from official App Store

🧯 If You Can't Patch

  • Isolate affected devices from critical networks and sensitive data
  • Implement strict application control policies to prevent installation of untrusted applications

🔍 How to Verify

Check if Vulnerable:

Check current OS version against affected versions list. On iOS/iPadOS: Settings > General > About > Version. On macOS: Apple menu > About This Mac > macOS version.

Check Version:

iOS/iPadOS/watchOS: Settings > General > About > Version. macOS: sw_vers or system_profiler SPSoftwareDataType

Verify Fix Applied:

Verify OS version matches or exceeds patched versions: watchOS 9.5.2+, macOS Big Sur 11.7.8+, iOS 15.7.7+, iPadOS 15.7.7+, macOS Monterey 12.6.7+, watchOS 8.8.1+, iOS 16.5.1+, iPadOS 16.5.1+, macOS Ventura 13.4.1+

📡 Detection & Monitoring

Log Indicators:

  • Unexpected kernel extensions loading
  • Processes running with elevated privileges without authorization
  • System integrity protection (SIP) violations

Network Indicators:

  • Unusual outbound connections from system processes
  • Communication with known malicious domains from kernel-level processes

SIEM Query:

process_creation where parent_process_name contains 'kernel' or process_integrity_level == 'system' and not process_path contains known_good_paths

📊 Metadata

CVE ID: CVE-2023-32434
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-190
Published: June 23, 2023
Last Updated: October 23, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-32434, you might also want to check these:

CVE-2025-64721 10.0

This vulnerability in Sandboxie allows sandboxed processes to exploit an integer overflow in the Sbi...

Same vulnerability type (CWE-190)
CVE-2025-52581 9.8

An integer overflow vulnerability in libbiosig's GDF file parsing allows arbitrary code execution wh...

Same vulnerability type (CWE-190)
CVE-2025-53518 9.8

An integer overflow vulnerability in libbiosig's ABF file parser allows arbitrary code execution whe...

Same vulnerability type (CWE-190)