Yes because all transactions (which include the generated output states) are digitally signed and then stored by the parties to the transaction.
If a malicious party makes changes to an output state (e.g. adds a few zeros to a £10 IOU state) and then presents the encapsulating transaction to another party, the other party will notice a signature mismatch when verifying the digital signatures provided.
In Corda, states are linked together. Input states in a transaction are represented by a tuple of (TransactionID, Index) which is a pointer to a specific output state in a preceding transaction. As states evolve through the application of transactions, a chain-like structure is created with the head of the chain being the most current version of the state.
When a party presents a transaction to a peer on the network, they must also provide all the dependency transactions, that is, all the preceding transactions which make up the chain-like structure, back to the issuance transaction. As, such the receiving party can recursively check the signatures and
verify() all these transactions.