[CDP-development] TLP:GREEN (Exploited Vulnerability Alert Notification) CVE-2023-32434 Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution
CSS Security Operations Services * DAS
css-soc-services at das.oregon.gov
Thu Oct 26 15:02:29 PDT 2023
Good morning,
The SOC Services team is reporting on the vulnerability: CVE-2023-32434 Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution. Because of its high visibility and our knowledge of the software installed in the state environment, we are providing this in-depth information:
History: On October 25, 2023, Apple released a security advisory related to CVE-2023-32434. CISA previously added CVE-2023-32434 to the Known Exploited Vulnerabilities catalog on June 23, 2023.
The following versions of iOS and iPadOS are vulnerable:
* Apple iOS and iPadOS versions before 15.7.7
* Apple iOS and iPadOS versions before 16.5.1
The following versions of macOS are vulnerable:
* Apple macOS Ventura versions before 13.4.1
* Apple macOS Monterey versions before 12.6.7
* Apple macOS Big Sur versions before 11.7.8
This vulnerability affects the following hardware platforms:
* iPhone (6s through 8 - all models)
* iPhone SE (1st generation)
* iPad (5th generation or later)
* iPad Mini (4th generation or later)
* iPad Air (3rd generation or later)
* iPad Air 2
* iPad Pro (all models)
* iPod touch (7th generation)
Apple has released security advisories for this vulnerability:
iOS and iPadOS:
iOS and iPadOS 15.7.7: https://support.apple.com/en-us/HT213811
iOS and iPadOS 16.5.1: https://support.apple.com/en-us/HT213814
macOS:
macOS Big Sur: https://support.apple.com/en-us/HT213809
macOS Monterey: https://support.apple.com/en-us/HT213810
macOS Ventura: https://support.apple.com/en-us/HT213813
Intelligence: As of October 25, 2023, the vulnerability has been confirmed as being exploited in the wild. For CVE-2023-32434, Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.
Workarounds: There are no workarounds for this vulnerability.
How it works: For customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available.
Post-Exploit: This integer overflow vulnerability may allow an attacker to execute arbitrary code with kernel privileges.
Additional Resources:
The InTune team has provided the attached documents, which can be tailored to your needs. They answer frequently asked questions about iOS updates from the perspective of both technicians and users, and describe the update process.
As of 10/25/2023, Tenable has released plugins for CVE-2023-32434, from June 21, 2023.
Plugin | Title | Severity
177474 <https://www.tenable.com/plugins/nessus/177474> | macOS 13.x < 13.4.1 Multiple Vulnerabilities (HT213813) | High
177475 <https://www.tenable.com/plugins/nessus/177475> | macOS 12.x < 12.6.7 (HT213810) | High
177477 <https://www.tenable.com/plugins/nessus/177477> | macOS 11.x < 11.7.8 (HT213809) | High
Recommended Actions:
* Verify the device is charged to at least 50% and is plugged into a charger before applying patches.
* Verify the host has not been compromised before applying patches.
* Apply the appropriate updates provided by the vendor to vulnerable systems immediately after appropriate testing.
* Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
* Apply the Principle of Least Privilege to all systems and services.
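An added example, not part of the original advisory: a Python triage of a device inventory against the fixed versions listed above. The CSV column names and sample rows are constructed, and treating each fixed version as applying only to its own major branch (with other branches sent to manual review) is an assumption.

```python
import csv
import io

# Fixed versions named in the advisory, keyed by (platform, major branch).
FIXED = {
    ("ios", 15): (15, 7, 7),
    ("ios", 16): (16, 5, 1),
    ("macos", 11): (11, 7, 8),
    ("macos", 12): (12, 6, 7),
    ("macos", 13): (13, 4, 1),
}

def parse_version(text):
    """'16.5' -> (16, 5, 0), so 16.5 sorts below 16.5.1; trailing build text is ignored."""
    parts = [int(p) for p in text.split()[0].split(".")]
    return tuple((parts + [0, 0])[:3])

def classify(platform, version):
    """Return 'vulnerable', 'patched', 'review' or 'unknown' for one device."""
    platform = platform.strip().lower()
    if platform == "ipados":
        platform = "ios"  # the advisory lists iOS and iPadOS together
    try:
        v = parse_version(version)
    except (ValueError, IndexError):
        return "unknown"  # empty or unparseable version string
    fixed = FIXED.get((platform, v[0]))
    if fixed is None:
        # Assumption: branches without a fixed version above go to manual review.
        return "review"
    return "vulnerable" if v < fixed else "patched"

# Constructed inventory; the column names are hypothetical, not a real export schema.
SAMPLE = """device,platform,os_version
phone-01,iOS,16.5
phone-02,iOS,16.5.1
tablet-01,iPadOS,15.7.6
mac-01,macOS,13.4.1
mac-02,macOS,12.6.6
mac-03,macOS,
phone-03,iOS,17.0.3
"""

def triage(csv_text):
    """Map each device name to its classification."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["device"]: classify(r["platform"], r["os_version"]) for r in rows}

if __name__ == "__main__":
    for device, status in triage(SAMPLE).items():
        print(f"{device}: {status}")
```

Devices reported as "unknown" or "review" need a manual check; the script does not decide them.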
-------------- next part --------------
A non-text attachment was scrubbed...
Name: iOS Updates_FAQ_User.pdf
Type: application/pdf
Size: 189456 bytes
Desc: iOS Updates_FAQ_User.pdf
URL: <https://omls.oregon.gov/pipermail/cdp-development/attachments/20231026/c61ee982/attachment-0003.pdf>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: iOS Updates_FAQ_Tech.pdf
Type: application/pdf
Size: 198174 bytes
Desc: iOS Updates_FAQ_Tech.pdf
URL: <https://omls.oregon.gov/pipermail/cdp-development/attachments/20231026/c61ee982/attachment-0004.pdf>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Apple_OS_Updates_Process.pdf
Type: application/pdf
Size: 280576 bytes
Desc: Apple_OS_Updates_Process.pdf
URL: <https://omls.oregon.gov/pipermail/cdp-development/attachments/20231026/c61ee982/attachment-0005.pdf>