Severity
High
Analysis Summary
CVE-2023-32439 CVSS:8.8
Apple iOS and iPadOS could allow a remote attacker to execute arbitrary code on the system, caused by a type confusion in the WebKit component. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-32435 CVSS:8.8
Apple iOS and iPadOS could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption in the WebKit component. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-32434 CVSS:7.8
Apple iOS and iPadOS could allow a local attacker to gain elevated privileges on the system, caused by an integer overflow in the Kernel component. By using a specially crafted application, an attacker could exploit this vulnerability to execute arbitrary code with kernel privileges.
Impact
- Code Execution
- Privilege Escalation
Indicators Of Compromise
CVE
- CVE-2023-32439
- CVE-2023-32435
- CVE-2023-32434
Affected Vendors
Apple
Affected Products
- Apple iOS 15.7.6
- Apple iPadOS 15.7.6
- Apple iOS 16.5.0
- Apple iPadOS 16.5.0
- Apple Safari 16.5.0
- Apple macOS Ventura 13.4
- Apple macOS Big Sur 11.7.7
- Apple macOS Monterey 12.6.6
- Apple watchOS 9.5.1
- Apple watchOS 8.8.0
Remediation
- Refer to Apple Security Advisory for patch, upgrade or suggested workaround information.
- Apple Security Advisory