⚠ Actively exploited

Added to CISA KEV on 2023-06-23. Federal agencies required to patch by 2023-07-14. Required action: Apply updates per vendor instructions..

CVE-2023-32434 — Integer Overflow or Wraparound in Apple IOS AND Ipados

CWE-190 — Integer Overflow or Wraparound40 documents10 sources

Severity

7.8HIGHNVD

EPSS

57.8%

top 1.82%

CISA KEV

KEV

Added 2023-06-23

Due 2023-07-14

Exploit

Exploited in wild

Active exploitation observed

Affected products

Apple IOS AND Ipados Apple Macos Apple Watchos +8 more

Timeline

PublishedJun 23

KEV addedJun 23

KEV dueJul 14

Latest updateMar 26

CISA Required Action: Apply updates per vendor instructions.

Description

An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.5.2, macOS Big Sur 11.7.8, iOS 15.7.7 and iPadOS 15.7.7, macOS Monterey 12.6.7, watchOS 8.8.1, iOS 16.5.1 and iPadOS 16.5.1, macOS Ventura 13.4.1. An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages14 packages

▶Appleapple/macos_ventura13.4.1

▶Appleapple/macos_monterey12.6.7

▶CVEListV5apple/macosunspecified — 12.6+2

▶NVDapple/macos11.0 — 11.7.8+2

▶Appleapple/macos_big_sur11.7.8

🔴Vulnerability Details

GHSA

GHSA-4pvh-jrgh-mpvj: An integer overflow was addressed with improved input validation↗2023-06-23

▶

VulnCheck

Apple Multiple Products Integer Overflow Vulnerability↗2023

▶

📋Vendor Advisories

Apple

CVE-2023-32434: iOS 15.8 and iPadOS 15.8↗2023-10-25

▶

CISA

Apple Multiple Products Integer Overflow Vulnerability↗2023-06-23

▶

Apple

CVE-2023-32434: macOS Monterey 12.6.7↗2023-06-21

▶

Apple

CVE-2023-32434: macOS Big Sur 11.7.8↗2023-06-21

▶

Apple

CVE-2023-32434: iOS 16.5.1 and iPadOS 16.5.1↗2023-06-21

▶

🕵️Threat Intelligence

Securelist

Coruna: the framework used in Operation Triangulation↗2026-03-26

▶

Bleepingcomputer

Coruna iOS exploit framework linked to Triangulation attacks↗2026-03-26

▶

Hackernews

Coruna iOS Kit Reuses 2023 Triangulation Exploit Code in Recent Mass Attacks↗2026-03-26

▶

Bleepingcomputer

Apple fixes WebKit zero-day exploited in ‘extremely sophisticated’ attacks↗2025-03-11

▶

Bleepingcomputer

Apple fixes zero-day exploited in 'extremely sophisticated' attacks↗2025-02-10

▶