CVE-2023-32434

Apple Products watchOS versions prior to 9.5.2 macOS Big Sur versions prior to 11.7.8 iOS versions prior to 15.7.7 iPadOS versions prior to 15.7.7 macOS Monterey versions prior to 12.6.7 watchOS versions prior to 8.8.1 iOS versions prior to 16.5.1 iPadOS versions prior to 16.5.1 macOS Ventura versions prior to 13.4.1

Description An integer overflow issue exists in Apple products, addressed through improved input validation. This flaw could allow an application to execute arbitrary code with kernel privileges. Reports indicate that this issue was potentially exploited in the wild against iOS versions released before iOS 15.7. The vulnerability is related to an integer overflow in mach make memory entry and vm copy. Exploitation involves a chain of events, starting with an invisible iMessage attachment that triggers a series of exploits to open a malicious URL containing obfuscated JavaScript and an encrypted payload. The JavaScript validator and binary validator are used to determine if the target device is a research environment. The vulnerability can be leveraged for full kernel read/write access, potentially enabling a deterministic exploit strategy. The offset and size are input variables that allow attackers to bypass restrictions and map memory outside the parent memory object. The Operation Triangulation campaign utilized this vulnerability, along with other techniques, to compromise devices and collect sensitive information, including microphone recordings, iCloud keychains, SQLite database data, and location data.

Recommendations Update to watchOS 9.5.2. Update to macOS Big Sur 11.7.8. Update to iOS 15.7.7. Update to iPadOS 15.7.7. Update to macOS Monterey 12.6.7. Update to watchOS 8.8.1. Update to iOS 16.5.1. Update to iPadOS 16.5.1. Update to macOS Ventura 13.4.1.