Rewterz Threat Alert – Multiple Apple iOS and iPadOS Vulnerabilities

Severity

High

Analysis Summary

CVE-2023-32439 CVSS:8.8

Apple iOS and iPadOS could allow a remote attacker to execute arbitrary code on the system, caused by a type confusion in the WebKit component. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2023-32435 CVSS:8.8

Apple iOS and iPadOS could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption in the WebKit component. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2023-32434 CVSS:7.8

Apple iOS and iPadOS could allow a local attacker to gain elevated privileges on the system, caused by an integer overflow in the Kernel component. By using a specially crafted application, an attacker could exploit this vulnerability to execute arbitrary code with kernel privileges.

Impact

• Code Execution
• Privilege Escalation

Indicators Of Compromise

CVE

• CVE-2023-32439
• CVE-2023-32435
• CVE-2023-32434

Affected Vendors

Apple

Affected Products

• Apple iOS 15.7.6
• Apple iPadOS 15.7.6
• Apple iOS 16.5.0
• Apple iPadOS 16.5.0
• Apple Safari 16.5.0
• Apple macOS Ventura 13.4
• Apple macOS Big Sur 11.7.7
• Apple macOS Monterey 12.6.6
• Apple watchOS 9.5.1
• Apple watchOS 8.8.0

Remediation

• Refer to Apple Security Advisory for patch, upgrade or suggested workaround information.
• Apple Security Advisory