CVE-2023-32434
Integer Overflow — is CVE-2023-32434real, exploitable, or a false positive? Here's the community ground truth.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.5.2, macOS Big Sur 11.7.8, iOS 15.7.7 and iPadOS 15.7.7, macOS Monterey 12.6.7, watchOS 8.8.1, iOS 16.5.1 and iPadOS 16.5.1, macOS Ventura 13.4.1. An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.
References
Published
Embed this verdict
[](https://www.truepositive.app/cve/CVE-2023-32434)<a href="https://www.truepositive.app/cve/CVE-2023-32434"><img src="https://www.truepositive.app/cve/CVE-2023-32434/badge.svg" alt="TruePositive verdict for CVE-2023-32434"></a>Live badge — updates automatically as the community verdict changes.
Community ground truth
Community verdict
2 verdictsIncludes TruePositive's curated baseline from public sources — community verdicts accrue on top.
Pick your verdict — we'll save it right after a quick sign-in.
In line with its CVSS base score.
Field notes & remediation
Verdicts are the quick signal — notes are the evidence and fixes behind them.
- 0
Apple Multiple Products Integer Overflow Vulnerability — Apple iOS. iPadOS, macOS, and watchOS contain an integer overflow vulnerability that could allow an application to execute code with kernel privileges. Listed in the CISA KEV catalog (added 2023-06-23) — confirmed exploited in the wild, not theoretical. FIRST EPSS puts the chance of exploitation in the next 30 days at ~52%. Treat it as real and prioritize remediation over triage.
- 0
Required action for Apple Multiple Products: Apply updates per vendor instructions. CISA set a federal remediation due date of 2023-07-14. After patching, verify the vulnerable path is no longer reachable before closing the finding.
Related CVEs
Same weakness — CWE-190 · Integer Overflow.
- CVE-2021-30860CVSS 7.8KEVEPSS 76%
An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
- CVE-2015-8651CVSS 8.8KEVEPSS 68%
Integer overflow in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors.
- CVE-2013-2729CVSS 9.8KEVEPSS 67%
Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-2727.
- CVE-2018-6065CVSS 8.8KEVEPSS 59%
Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2018-14634CVSS 7.8KEVEPSS 15%
An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable.
- CVE-2021-30952CVSS 7.8KEVEPSS 8%
An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution.