CVE-2024-44217Incorrect Authorization in Apple IOS AND Ipados

CWE-863Incorrect Authorization4 documents4 sources
Severity
9.1CRITICALNVD
EPSS
0.3%
top 43.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Apple IOS AND IpadosApple IpadosApple Iphone OS
Timeline
PublishedOct 28
Latest updateOct 29

Description

A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in iOS 18 and iPadOS 18. Password autofill may fill in passwords after failing authentication.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 3.9 | Impact: 5.2

Affected Packages3 packages

NVDapple/ipados< 18.0
CVEListV5apple/ios_and_ipados< 18
NVDapple/iphone_os< 18.0

🔴Vulnerability Details

2
GHSA
GHSA-75qv-hw7p-g75w: A permissions issue was addressed by removing vulnerable code and adding additional checks2024-10-29
CVEList
CVE-2024-44217: A permissions issue was addressed by removing vulnerable code and adding additional checks2024-10-28

📋Vendor Advisories

1
Apple
CVE-2024-44217: iOS 18 and iPadOS 182024-09-16
CVE-2024-44217 — Incorrect Authorization in Apple | cvebase