CVE-2023-32435

ENISA EUVD: EUVD-2023-36679 ↗

Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero

Triaged: Feb. 18, 2026 22 articles Published: 2023-06-23

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23

0.23%

probability

This CVE has a 0.23% probability of being exploited in the next 30 days.

0% Top 46.2th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)

8.8

HIGH

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Description

VulnerabilityLookup (CNA)

A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.7 and iPadOS 15.7.7. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.

Affected Products

Apple

macOS

unspecified

Apple

iOS and iPadOS

unspecified

Apple

Safari

unspecified

Apple

iOS and iPadOS

unspecified

apple

safari

apple

ipados

apple

iphone os

apple

macos

Apple

macOS

unspecified <13.3

Apple

iOS and iPadOS

unspecified <15.7

Apple

Safari

unspecified <16.4

Apple

iOS and iPadOS

unspecified <16.4

Attack Intelligence

CWE-118 · Incorrect Access of Indexable Resource ('Range Error') CWE-119 · Buffer Overflow CWE-664 · Improper Control of a Resource Through its Lifetime CWE-787 · Out-of-bounds Write

Google Project Zero

Patched

June 21, 2023

Reported by

Georgy Kucherin (@kucher1n), Leonid Bezvershenko (@bzvr_), and Boris Larin (@oct0xor) of Kaspersky

Root Cause Analysis

???

https://support.apple.com/en-us/HT213670

https://support.apple.com/en-us/HT213811

https://support.apple.com/en-us/HT213671

https://support.apple.com/en-us/HT213676

Signal Intelligence

Confidenceⓘ

95%

EPSS 0.23%

CVSS v3.1 8.8

Mentions 22

Last Seen Mar 11, 2025

CNA Information

CNA Assigner

apple

Analyst Note

This CVE is confirmed as an actively exploited zero-day with strong evidence: Apple acknowledged in-the-wild exploitation, it was reported by Google Project Zero, multiple sources document sophisticated attacks, and the vulnerability affects critical Apple products (macOS, iOS, Safari) with a high CVSS score of 8.8. The memory corruption issue enabling arbitrary code execution has been patched across multiple product versions, further validating its severity and authenticity.

Threat Actors 1

Kimsuky

apt_group Information theft and espionage 🇰🇷 KR

Triage Info

Decided atFeb 18, 2026

Published DateJun 23, 2023