Search cyberveille.decio.ch

smith (CVE-2023-32434)

This write-up presents an exploit for a vulnerability in the XNU kernel: Assigned CVE-2023-32434. Fixed in iOS 16.5.1 and macOS 13.4.1. Reachable from the WebContent sandbox and might have been actively exploited. *Note that this CVE fixed multiple integer overflows, so it is unclear whether or not the integer overflow used in my exploit was also used in-the-wild. Moreover, if it was, it might not have been exploited in the same way. The exploit has been successfully tested on: iOS 16.3, 16.3.1, 16.4 and 16.5 (iPhone 14 Pro Max) macOS 13.1 and 13.4 (MacBook Air M2 2022) All code snippets shown below are from xnu-8792.81.2.

#Poulin-Bélanger #EN #2023 #exploit #analysis #vulnerability #github #macos #ios #CVE-2023-32434

·github.com·Jan 3, 2024

smith (CVE-2023-32434)

Apple patches are out – old iPhones get an old zero-day fix at last!

Don’t delay, especially if you’re still running an iOS 12 device… please do it today!

#nakedsecurity #EN #2023 #vulnerability #apple #cve-2022-42856 #exploit #ios #ios-12 #ipados #zero-day

·nakedsecurity.sophos.com·Jan 24, 2023

Apple patches are out – old iPhones get an old zero-day fix at last!

Don’t delay, especially if you’re still running an iOS 12 device… please do it today!

#nakedsecurity #EN #2023 #vulnerability #apple #cve-2022-42856 #exploit #ios #ios-12 #ipados #zero-day

·nakedsecurity.sophos.com·Jan 24, 2023

Apple patches are out – old iPhones get an old zero-day fix at last!