In response to a set of issues it said were being actively exploited in the wild, Apple on Wednesday released a slew of updates for iOS, iPadOS, macOS, watchOS, and Safari. These include fixes for two zero-days that have been weaponized in the ongoing mobile spying campaign Operation Triangulation. No specific threat actor is known to be behind the activity.
CVE-2023-32434 - An integer overflow vulnerability in the kernel that malicious software could use to execute arbitrary code with kernel privileges.
CVE-2023-32435 - A memory corruption flaw in WebKit that could allow arbitrary code execution when handling specially crafted web content.