7.8

CVE-2023-32434

Warnung
Medienbericht
An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.5.2, macOS Big Sur 11.7.8, iOS 15.7.7 and iPadOS 15.7.7, macOS Monterey 12.6.7, watchOS 8.8.1, iOS 16.5.1 and iPadOS 16.5.1, macOS Ventura 13.4.1. An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AppleiPadOS Version < 15.7.7
AppleiPadOS Version >= 16.0 < 16.5.1
AppleiPhone OS Version < 15.7.7
AppleiPhone OS Version >= 16.0 < 16.5.1
ApplemacOS Version >= 11.0 < 11.7.8
ApplemacOS Version >= 12.0.0 < 12.6.7
ApplemacOS Version >= 13.0 < 13.4.1
ApplewatchOS Version < 8.8.1
ApplewatchOS Version >= 9.0 < 9.5.2

23.06.2023: CISA Known Exploited Vulnerabilities (KEV) Catalog

Apple Multiple Products Integer Overflow Vulnerability

Schwachstelle

Apple iOS. iPadOS, macOS, and watchOS contain an integer overflow vulnerability that could allow an application to execute code with kernel privileges.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 51.52% 0.988
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
10.04.2026 15:17
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
26.03.2026 14:24
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
17.03.2026 22:20
http://seclists.org/fulldisclosure/2023/Oct/20
Third Party Advisory
Mailing List
https://support.apple.com/en-us/HT213808
Vendor Advisory
https://support.apple.com/en-us/HT213809
Vendor Advisory
https://support.apple.com/en-us/HT213810
Vendor Advisory
https://support.apple.com/en-us/HT213811
Vendor Advisory
https://support.apple.com/en-us/HT213812
Vendor Advisory
https://support.apple.com/en-us/HT213813
Vendor Advisory
https://support.apple.com/en-us/HT213814
Vendor Advisory
https://support.apple.com/kb/HT213990
Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-32434
US Government Resource