| Vulnerability in XNU | |
|---|---|
| Software | iOS and macOS |
| Vulnerable in | ? - iOS 16.5, ? - macOS 13.4 |
| Fixed in | iOS 16.5.1, macOS 13.4.1 |
| Disclosed | 1 May 2023 |
| Discovered by | Félix Poulin-Bélanger, Kaspersky |
| CVE | CVE-2023-32434 |
| Apple KB | HT103837 |
CVE-2023-32434, also known as Smith, is an integer overflow in the XNU kernel that leads to a Physical Use After Free vulnerability. This was a bug collision, as it was also found to be being used as the kernel exploit in the Operation Triangulation chain. The exploit is available to use in Dopamine. Furthermore, it is reachable from the WebContent sandbox, which allowed it to be used in an in-the-wild malware chain.
