CVE-2023-32434

Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero

Triaged: Feb. 18, 2026 23 articles

VulnLookup ↗ NVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-24

53.99%

probability

This CVE has a 53.99% probability of being exploited in the next 30 days.

0% Top 98.0th percentile of all CVEs 100%

CVSS score unavailable

Neither CIRCL nor NVD returned a CVSS score for this CVE. View on VulnerabilityLookup ↗

Description

Project Zero

Integer overflow in the XNU kernel

Attack Intelligence

CWE-190 · Integer Overflow CWE-682 · Incorrect Calculation

Google Project Zero

Patched

June 21, 2023

Reported by

Georgy Kucherin (@kucher1n), Leonid Bezvershenko (@bzvr_), and Boris Larin (@oct0xor) of Kaspersky

Root Cause Analysis

???

Apple fixes zero-day exploited in 'extremely sophisticated' attacks

BleepingComputer Feb 10, 2025

Apple fixes this year’s first actively exploited zero-day bug

BleepingComputer Jan 27, 2025

Apple fixes iOS Kernel zero-day vulnerability on older iPhones

BleepingComputer Oct 12, 2023

Apple emergency update fixes new zero-day used to hack iPhones

BleepingComputer Oct 04, 2023

Apple fixes new zero-day used in attacks against iPhones, Macs

BleepingComputer Jul 24, 2023

Apple fixes zero-days used to deploy Triangulation spyware via iMessage

BleepingComputer Jun 21, 2023

Apple releases emergency update to fix zero-day exploited in attacks

BleepingComputer Jul 10, 2023

Apple fixes two zero-days used in attacks on Intel-based Macs

BleepingComputer Nov 19, 2024

Apple re-releases zero-day patch after fixing browsing issue

BleepingComputer Jul 12, 2023

Apple Rolls Out Urgent Patches for Zero-Day Flaws Impacting iPhones, iPads and Macs

TheHackerNews

Apple emergency updates fix 3 new zero-days exploited in attacks

BleepingComputer Sep 21, 2023

Apple discloses 2 new zero-days exploited to attack iPhones, Macs

BleepingComputer Sep 07, 2023

Zero-Day Alert: Apple Releases Patches for Actively Exploited Flaws in iOS, macOS, and Safari

TheHackerNews

Apple fixes two new iOS zero-days exploited in attacks on iPhones

BleepingComputer Mar 05, 2024

Apple fixes first zero-day bug exploited in attacks this year

BleepingComputer Jan 22, 2024

Apple emergency updates fix recent zero-days on older iPhones

BleepingComputer Dec 11, 2023

Apple fixes WebKit zero-day exploited in ‘extremely sophisticated’ attacks

BleepingComputer Mar 11, 2025

Apple fixes two new iOS zero-days in emergency updates

BleepingComputer Nov 30, 2023

Apple backports BLASTPASS zero-day fix to older iPhones

BleepingComputer Sep 12, 2023

Apple Issues Security Updates for Older iOS Devices Targeted by Coruna WebKit Exploit

TheHackerNews Mar 12, 2026

Signal Intelligence

Confidenceⓘ

92%

EPSS 53.99%

Mentions 23

Last Seen Mar 12, 2026

CNA Information

Analyst Note

This CVE is confirmed as actively exploited in the wild with kernel-level privilege escalation capability (CVSS 7.8 HIGH). Google Project Zero attribution, multiple coordinated Apple security patches across iOS/macOS/watchOS platforms, and media reports of 'extremely sophisticated' attacks provide strong corroboration of active exploitation.

Threat Actors 2

Kimsuky

apt_group Information theft and espionage 🇰🇷 KR

Operation Triangulation

apt_group Information theft and espionage 🇷🇺 RU

Triage Info

Decided atFeb 18, 2026