Siri Vulnerability in Apple iOS and iPadOS Enabling Auto-Answer Calls
CVE-2024-40853

3.3LOW

Key Information:

Vendor: Apple
Status: iPhone OS; iPad OS
Vendor: CVE Published:; 28 October 2024

Summary

A security issue has been identified in Apple's operating systems that can potentially allow an attacker to exploit Siri functionality on locked devices. Following this vulnerability, an unauthorized user could trigger the Auto-Answer Calls feature via Siri, posing a risk of unsolicited audio access. Apple has addressed this vulnerability in the recent updates of iOS 18 and iPadOS 18 by imposing restrictions on options provided by Siri when the device is locked, enhancing user security.

References

https://support.apple.com/en-us/121250

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 28, 2024