CVE-2024-44191

2024-09-1700:15:52

[email protected]

web.nvd.nist.gov

ios

ipados

xcode

visionos

watchos

macos sequoia

tvos

bluetooth

unauthorized access

cve-2024-44191

state management

improved.

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

Percentile

16.5%

JSON

This issue was addressed through improved state management. This issue is fixed in iOS 17.7 and iPadOS 17.7, Xcode 16, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. An app may gain unauthorized access to Bluetooth.

Affected configurations

Nvd

Node

applexcodeRange≤16.0

appleipadosRange<17.7

appleiphone_osRange<17.7

applemacosRange<15.0

appletvosRange<18.0

applevisionosRange<2.0

applewatchosRange<11.0

VendorProductVersionCPE
applexcode*cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*
appleipados*cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
appleiphone_os*cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
applemacos*cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
appletvos*cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
applevisionos*cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
applewatchos*cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	xcode	*	cpe:2.3:a:apple:xcode::::::::
apple	ipados	*	cpe:2.3:o:apple:ipados::::::::
apple	iphone_os	*	cpe:2.3:o:apple:iphone_os::::::::
apple	macos	*	cpe:2.3:o:apple:macos::::::::
apple	tvos	*	cpe:2.3:o:apple:tvos::::::::
apple	visionos	*	cpe:2.3:o:apple:visionos::::::::
apple	watchos	*	cpe:2.3:o:apple:watchos::::::::