- Description
- An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.5.2, macOS Big Sur 11.7.8, iOS 15.7.7 and iPadOS 15.7.7, macOS Monterey 12.6.7, watchOS 8.8.1, iOS 16.5.1 and iPadOS 16.5.1, macOS Ventura 13.4.1. An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.
- Source
- product-security@apple.com
- NVD status
- Analyzed
- Products
- ipados, iphone_os, macos, watchos
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- Apple Multiple Products Integer Overflow Vulnerability
- Exploit added on
- Jun 23, 2023
- Exploit action due
- Jul 14, 2023
- Required action
- Apply updates per vendor instructions.
- Hype score
- Not currently trending
TRC analysis reveals the Coruna exploit kit has transitioned from government surveillance tool to widespread cybercriminal weapon targeting iOS devices. Attackers chain CVE-2023-32434 and CVE-2023-38606 to achieve kernel-level compromise and establish persistent C2 channels. This
@aviatrixtrc
27 Mar 2026
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The Coruna iOS exploit kit reuses exploits from Operation Triangulation, including CVE-2023-32434 & CVE-2023-38606. Originally used in targeted espionage, it’s now seen in broader attacks, highlighting the growing proliferation of advanced exploit tools. Read:
@ArmoredMobile
27 Mar 2026
42 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Coruna iOS kit: 23 exploits, 5 chains, nation-state code now in criminal hands. CVE-2023-32434 gives full kernel control — same vuln from 2023 Operation Triangulation spyware. First confirmed mass iOS exploitation. CISA patch deadline was today. https://t.co/nzYQfOd5ku
@CybrPulse
26 Mar 2026
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[Securelist] Coruna: the framework used in Operation Triangulation. Kaspersky GReAT experts look into the Coruna exploit kit targeting iPhones. We discovered that the kernel exploit for CVE-2023-32434 and CVE-2023-38606 is an updated version of the... https://t.co/PhfzEhsBnN
@shah_sheikh
26 Mar 2026
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Coruna : nouveau spyware iOS ciblant iOS, lié à l'Opération Triangulation. Les failles zero-day CVE-2023-32434 & CVE-2023-38606 ont été découvertes par Kaspersky. #Cybersecurity #InfoSec #Vulnerability https://t.co/qzpqJfcK2B
@cyberwatcher_
5 Mar 2026
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
セキュリティ研究者たちは、Apple iOSデバイスを対象とした新しいカーネルエクスプロイト「Trigon」を発表した。これはXNUカーネルの仮想メモリサブシステムに存在する重大な脆弱性(CVE-2023-32434)を利用している。… https://t.co/mErqW25ysP
@yousukezan
3 Mar 2025
3015 Impressions
4 Retweets
35 Likes
12 Bookmarks
0 Replies
0 Quotes
⚠️ Vulnerability Alert: Trigon iOS Kernel Exploit 📅 Timeline: Disclosure: 2023-06-23, Patch: 2023-06-23 🆔cveId: CVE-2023-32434 📊baseScore: 7.8 📏cvssMetrics: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H cvssSeverity: High 🟠 🛠️exploitMaturity: Actively Exploited… https://t.co/dWE
@syedaquib77
3 Mar 2025
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Alfie CG publishes write-up on Trigon, a deterministic kernel exploit based on CVE-2023-32434 that can’t fail https://t.co/aJl47p9otZ
@iDownloadBlog
2 Mar 2025
1766 Impressions
0 Retweets
3 Likes
1 Bookmark
0 Replies
0 Quotes
Execing the CVE-2023-32434 using a deterministic exploit strategy (100% success rate)! ARM64e is certainly not as easy, but for now all of #arm64 should be doable with this strategy. https://t.co/ZpFv6AFQuo
@byt3n33dl3
23 Jan 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Full kernel read/write with CVE-2023-32434 using a deterministic exploit strategy (100% success rate)! arm64e is certainly not as easy, but for now all of arm64 should be doable with this strategy. Shoutout to @staturnzdev and @imnotclarity for lots of help and ideas. https://t.c
@alfiecg_dev
22 Jan 2025
25640 Impressions
60 Retweets
435 Likes
94 Bookmarks
14 Replies
2 Quotes
Top 5 Trending CVEs: 1 - CVE-2023-32434 2 - CVE-2024-49113 3 - CVE-2024-43405 4 - CVE-2024-10957 5 - CVE-2024-30078 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
6 Jan 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2023-32434 is much more powerful than just a PUAF - it can also be used as a physical mapping primitive. This allows for a deterministic exploit that doesn’t use any memory corruption. I don’t have a complete exploit yet, but so far it’s been a fun project! https://t.co/hhvej
@alfiecg_dev
5 Jan 2025
27201 Impressions
26 Retweets
266 Likes
58 Bookmarks
7 Replies
2 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E8FAA574-E1B0-4BB4-934A-7B9D7D4363B0",
"versionEndExcluding": "15.7.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9696FA8-BED8-44C1-8F9F-70D7B61E861D",
"versionEndExcluding": "16.5.1",
"versionStartIncluding": "16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B94C7DA5-DA67-4FFB-AB79-62CE457357D1",
"versionEndExcluding": "15.7.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "264BAADE-3DE3-4698-B182-15802C36FB19",
"versionEndExcluding": "16.5.1",
"versionStartIncluding": "16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6FCD0AD-BB08-44D1-9E14-24C4D940B760",
"versionEndExcluding": "11.7.8",
"versionStartIncluding": "11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "969D98EE-69B3-4F88-8170-4FBBABFEEB15",
"versionEndExcluding": "12.6.7",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3405331D-E4E6-4362-91C7-0F50DA398938",
"versionEndExcluding": "13.4.1",
"versionStartIncluding": "13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "757EE36B-8601-4676-B3C8-5A58D5BBF611",
"versionEndExcluding": "8.8.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8B4BDE3-1FAB-4716-AEDF-DC20E0A74B04",
"versionEndExcluding": "9.5.2",
"versionStartIncluding": "9.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]