CVE-2023-32354
Description
An out-of-bounds read in Apple OS components could allow an app to disclose kernel memory, fixed in iOS 16.5, iPadOS 16.5, tvOS 16.5, and watchOS 9.5.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
An out-of-bounds read vulnerability exists in the kernel of Apple operating systems. The issue was addressed with improved input validation, as noted in the official description. It affects versions prior to iOS 16.5, iPadOS 16.5, tvOS 16.5, and watchOS 9.5 [1][2][3].
Exploitation
An attacker would need to have an app installed on the device to trigger the bug. The app can then read out-of-bounds kernel memory, potentially bypassing normal memory protections. No additional privileges or user interaction beyond installing the app are required.
Impact
Successful exploitation allows an app to disclose kernel memory, which could lead to the exposure of sensitive information normally protected by the kernel's memory isolation. This is a confidentiality impact, potentially revealing private data, kernel structures, or other secrets.
Mitigation
Apple released fixes in iOS 16.5 and iPadOS 16.5 (released May 18, 2023) [1], tvOS 16.5 [2], and watchOS 9.5 [3]. Users should update their devices to these or later versions. No workarounds are documented.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (6)
<16.5 + 1 more
- (no CPE) range: <16.5
- (no CPE) range: unspecified
<9.5 + 1 more
- (no CPE) range: <9.5
- (no CPE) range: unspecified
- Range: <16.5
- Range: unspecified
Patches (0)
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References (3)
News mentions (0)
No linked articles in our index yet.