Apple Addresses Root Privilege Vulnerability in macOS Ventura 13.4, tvOS 16.5, iOS 16.5, and iPadOS 16.5
CVE-2023-32428

7.8 HIGH

Key Information:

Vendor: Apple
CVE Published: 6 September 2023

Badges

👾 Exploit Exists
📰 News Worthy

Summary

CVE-2023-32428 allowed an app to gain root privileges. Apple fixed the issue with improved file handling in macOS Ventura 13.4, tvOS 16.5, iOS 16.5, and iPadOS 16.5. Gergely's blog discusses various security vulnerabilities and releases, including badmalloc (CVE-2023-32428), a macOS local privilege escalation (LPE); the release of the fs_usage_ng tool; the security of filesystems and file APIs; a Windscribe VPN privilege escalation; hacking ISP CPE equipment; and various other macOS vulnerabilities and bypasses. The blog did not mention any known exploitation of the vulnerabilities by ransomware groups.

Affected Version(s)

iOS and iPadOS < 16.5

macOS < 13.4

tvOS < 16.5

News Articles

Gergely's hack blog

Gergely's blog about hacking, privacy, and everything else

2 months ago

AUSCERT Week in Review for 29th November 2024 - AUSCERT

Greetings, This week, we had the exciting opportunity to reconnect with our Melbourne community at an AUSCERT member meetup. It was an inspiring space for collaboration, where participants shared experiences,...

2 months ago

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • 👾 Exploit known to exist

  • 📰 First article discovered by AusCERT

  • Vulnerability published

  • Vulnerability Reserved