Apple Addresses Integer Overflow Vulnerability in watchOS, Other Products
CVE-2023-32434
Key Information
- Vendor: Apple
- Status
- macOS
- iOS and iPadOS
- watchOS
- CVE Published: 23 June 2023
Summary
The vulnerability CVE-2023-32434 is an integer overflow that could allow an app to execute arbitrary code with kernel privileges. Apple has released patches for this vulnerability in various software, including watchOS, macOS, iOS, and iPadOS. There are reports that this vulnerability may have been actively exploited against versions of iOS released before iOS 15.7.
The vulnerability is part of an exploit chain called BLASTPASS, which can compromise iPhones without any victim interaction. This exploit affects various models of the iPhone, iPad, and Apple Watch. Citizen Lab discovered one of the vulnerabilities while Kaspersky discovered another.
The Operation Triangulation spyware campaign has been active since 2019, and it was publicized by Kaspersky. It targets iPhones through iMessage with malicious attachments and has been used to attack Russian diplomats and private enterprises. Kaspersky has noted the campaign's unprecedented level of sophistication, using multiple zero-days to bypass security measures, abuse undocumented functions in Apple chips, and penetrate the device's defenses.
This vulnerability allows attackers to bypass hardware-based memory protection and gain unprecedented read/write access to the device's physical memory at a user level. The campaign has been described as the most sophisticated attack chain ever seen by Kaspersky.
The use of this vulnerability has raised concerns about evolving cyber threats and has created difficulties in detection and analysis because of its lack of public documentation. It has been recommended to update operating systems, applications, and antivirus software regularly, patch known vulnerabilities, and provide security teams with access to the latest threat intelligence.
In addition, it is recommended to implement EDR solutions for endpoint-level detection and investigation, reboot daily to disrupt persistent infections, disable iMessage and FaceTime to reduce zero-click exploit risks, and promptly install iOS updates to guard against known vulnerabilities.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2023-32434 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace as recent news articles suggest the vulnerability is being used by ransomware groups.
The CISA's recommendation is: Apply updates per vendor instructions.
Affected Version(s)
macOS < 12.6
iOS and iPadOS < 15.7
iOS and iPadOS < 16.5
News Articles
iOS Zero-Day Attacks: Experts Reveal Deeper Insights into Operation Triangulation
The TriangleDB implant used to target Apple iOS devices packs in at least four different modules to record microphone, extract iCloud Keychain, steal data from SQLite databases used by various apps, and estimate the vict
7 months ago
"Forgotten" debugging registers enabled Triangulation exploit against iPhones
Kaspersky researchers have laid out the details of the vulnerabilities that lay behind 2023’s Triangulation attack campaign. ...
11 months ago
Kaspersky researchers say that hackers exploited undocumented hardware feature to breach iPhones - gHacks Tech News
Researchers at Kaspersky Lab have explained how hackers exploited multiple security issues in iOS to breach iPhones.
1 year ago
Timeline
- 📈 Vulnerability started trending
- 💰 Used in Ransomware
- 👾 Exploit known to exist
- 🦅 CISA Reported
- Vulnerability published
- 📰 First article discovered by SecurityWeek
- Vulnerability Reserved