CVE-2024-44171

This issue was addressed through improved state management. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, watchOS 11. An attacker with physical access to a locked device may be able to Control Nearby Devices via accessibility features.

CVSS v3.0 4.6 MEDIUM

4.6^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 3.6

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://support.apple.com/en-us/121240	Release Notes Vendor Advisory
https://support.apple.com/en-us/121246	Release Notes Vendor Advisory
https://support.apple.com/en-us/121250	Release Notes Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:watchos::::::::

History

24 Sep 2024, 16:22

Type	Values Removed	Values Added
First Time		Apple watchos Apple Apple ipados Apple iphone Os
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 4.6
CWE		NVD-CWE-noinfo
CPE		cpe:2.3:o:apple:iphone_os:::::::: cpe:2.3:o:apple:ipados:::::::: cpe:2.3:o:apple:watchos::::::::
References	~~() https://support.apple.com/en-us/121246 -~~	() https://support.apple.com/en-us/121246 - Release Notes, Vendor Advisory
References	~~() https://support.apple.com/en-us/121250 -~~	() https://support.apple.com/en-us/121250 - Release Notes, Vendor Advisory
References	~~() https://support.apple.com/en-us/121240 -~~	() https://support.apple.com/en-us/121240 - Release Notes, Vendor Advisory

17 Sep 2024, 00:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-17 00:15

Updated : 2025-03-25 17:16

NVD link : CVE-2024-44171

Mitre link : CVE-2024-44171

JSON object : View

Products Affected

apple

ipados
watchos
iphone_os

CWE

NVD-CWE-noinfo

4.6 /10