CVE-2024-44171

This issue was addressed through improved state management. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, watchOS 11. An attacker with physical access to a locked device may be able to Control Nearby Devices via accessibility features.

CVSS v3 4.6 MEDIUM

4.6^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.9 / Impact : 3.6

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://support.apple.com/en-us/121240	Release Notes Vendor Advisory
https://support.apple.com/en-us/121246	Release Notes Vendor Advisory
https://support.apple.com/en-us/121250	Release Notes Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:watchos::::::::

History

24 Sep 2024, 16:22

Type	Values Removed	Values Added
CWE		NVD-CWE-noinfo
CPE		cpe:2.3:o:apple:ipados:::::::: cpe:2.3:o:apple:watchos:::::::: cpe:2.3:o:apple:iphone_os::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 4.6
First Time		Apple Apple watchos Apple ipados Apple iphone Os
References	~~() https://support.apple.com/en-us/121240 -~~	() https://support.apple.com/en-us/121240 - Release Notes, Vendor Advisory
References	~~() https://support.apple.com/en-us/121246 -~~	() https://support.apple.com/en-us/121246 - Release Notes, Vendor Advisory
References	~~() https://support.apple.com/en-us/121250 -~~	() https://support.apple.com/en-us/121250 - Release Notes, Vendor Advisory

20 Sep 2024, 12:31

Type	Values Removed	Values Added
Summary		(es) Este problema se solucionó mediante una mejor gestión de estado. Este problema se solucionó en iOS 17.7 y iPadOS 17.7, iOS 18 y iPadOS 18, watchOS 11. Un atacante con acceso físico a un dispositivo bloqueado puede controlar dispositivos cercanos a través de funciones de accesibilidad.

17 Sep 2024, 00:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-17 00:15

Updated : 2025-03-25 17:16

NVD link : CVE-2024-44171

Mitre link : CVE-2024-44171

CVE.ORG link : CVE-2024-44171

JSON object : View

Products Affected

apple

iphone_os
watchos
ipados

CWE

NVD-CWE-noinfo

{"id": "CVE-2024-44171", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 0.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 0.9}]}, "published": "2024-09-17T00:15:51.520", "references": [{"url": "https://support.apple.com/en-us/121240", "tags": ["Release Notes", "Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/121246", "tags": ["Release Notes", "Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/121250", "tags": ["Release Notes", "Vendor Advisory"], "source": "product-security@apple.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "This issue was addressed through improved state management. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, watchOS 11. An attacker with physical access to a locked device may be able to Control Nearby Devices via accessibility features."}, {"lang": "es", "value": "Este problema se solucion\u00f3 mediante una mejor gesti\u00f3n de estado. Este problema se solucion\u00f3 en iOS 17.7 y iPadOS 17.7, iOS 18 y iPadOS 18, watchOS 11. Un atacante con acceso f\u00edsico a un dispositivo bloqueado puede controlar dispositivos cercanos a trav\u00e9s de funciones de accesibilidad."}], "lastModified": "2025-03-25T17:16:08.337", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "064488F4-456F-4C5D-B325-4F1FCDF2D432", "versionEndExcluding": "17.7"}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8542FD9-368A-4A38-965E-47AE279208F1", "versionEndExcluding": "17.7"}, {"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "05C212C2-3E65-47DB-A0AE-417A8178ADC6", "versionEndExcluding": "11.0"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@apple.com"}