CVE-2023-32354: Input Validation
First published: Thu May 18 2023(Updated: )
An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, iOS 16.5 and iPadOS 16.5. An app may be able to disclose kernel memory.
Credit: Linus Henze Pinauten GmbHLinus Henze Pinauten GmbHLinus Henze Pinauten GmbH product-security@apple.com product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| <16.5 | 16.5 | |
| <16.5 | 16.5 | |
| Apple tvOS | <16.5 | 16.5 |
| Apple watchOS | <9.5 | 9.5 |
| Apple iPadOS | <16.5 | |
| Apple iPhone OS | <16.5 | |
| Apple tvOS | <16.5 | |
| Apple watchOS | <9.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT213757 (Advisory)
- https://support.apple.com/en-us/HT213761 (Advisory)
- https://support.apple.com/en-us/HT213764 (Advisory)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2023-32388
- CVE-2023-32400
- CVE-2023-34352
- CVE-2023-32425
- CVE-2023-32411
- CVE-2023-32371
- CVE-2023-32419
- CVE-2023-32399
- CVE-2023-28191
- CVE-2023-32392
- CVE-2023-32372
- CVE-2023-32384
- CVE-2023-32354
- CVE-2023-32420
- CVE-2023-27930
- CVE-2023-32398
- CVE-2023-32413
- CVE-2023-32352
- CVE-2023-29469
- CVE-2023-42869
- CVE-2023-32428
- CVE-2023-32407
- CVE-2023-32368
- CVE-2023-32403
- CVE-2023-32437
- CVE-2023-32385
- CVE-2023-32365
- CVE-2023-32390
- CVE-2023-32357
- CVE-2023-32367
- CVE-2023-32432
- CVE-2023-32391
- CVE-2023-32404
- CVE-2023-32394
- CVE-2023-32422
- CVE-2023-32376
- CVE-2023-28202
- CVE-2023-32412
- CVE-2023-32408
- CVE-2023-32415
- CVE-2023-32402
- CVE-2023-32423
- CVE-2023-32409
- CVE-2023-28204
- CVE-2023-32373
- CVE-2023-32389
- CVE-2023-32417
Frequently Asked Questions
What is CVE-2023-32354?
CVE-2023-32354 is a vulnerability in IOSurfaceAccelerator where an out-of-bounds read can occur due to improved input validation.
What is the severity of CVE-2023-32354?
The severity of CVE-2023-32354 is medium with a severity value of 5.5.
Which devices and operating systems are affected by CVE-2023-32354?
CVE-2023-32354 affects Apple iPhone OS, Apple iPadOS, Apple tvOS, and Apple watchOS. The affected versions are up to, but not including, iOS, iPadOS, tvOS 16.5 and watchOS 9.5 respectively.
How can the CVE-2023-32354 vulnerability be fixed?
To fix the CVE-2023-32354 vulnerability, update to watchOS 9.5, tvOS 16.5, iOS 16.5, or iPadOS 16.5.
Can the CVE-2023-32354 vulnerability lead to disclosure of kernel memory?
Yes, an app exploiting the CVE-2023-32354 vulnerability may be able to disclose kernel memory.
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/apple-support
- source/Apple
- agent/software-canonical-lookup-request
- agent/software-canonical-lookup
- collector/nvd-api
- collector/nvd-index
- vendor/apple
- canonical/apple ios
- canonical/apple ipados
- canonical/apple tvos
- canonical/apple watchos
- canonical/apple iphone os