Main Vulnerability Database Vulnerabilities #VU99421

Improper Authentication in Apple iOS and iPadOS - CVE-2024-44274

Published: October 28, 2024

Vulnerability identifier: #VU99421

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2024-44274

CWE-ID: CWE-287

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Apple Inc.

Affected software:
Apple iOS
iPadOS

Detailed vulnerability description

The vulnerability allows an attacker to bypass authentication process.

The vulnerability exists due to missing authentication within the Accessibility feature. An attacker with physical access to a locked device can view sensitive user information.

How to mitigate CVE-2024-44274

Install updates from vendor's website.

Sources

https://support.apple.com/en-us/121567

Improper Authentication in Apple iOS and iPadOS - CVE-2024-44274

Detailed vulnerability description

How to mitigate CVE-2024-44274

Sources

Please verify you're human