Physical Access Vulnerability in Apple iOS and macOS Devices
CVE-2024-44179

2.4LOW

Key Information:

Vendor: Apple
Status: Mac OS; iOS And iPad OS
Vendor: CVE Published:; 10 March 2025

Summary

A vulnerability has been identified in Apple's iOS, iPadOS, and macOS platforms, where an attacker with physical access to a locked device could exploit the system to read contact information displayed on the lock screen. This occurs due to insufficient restrictions on the options available to the user while the device is locked. Users are encouraged to update to the latest versions, iOS 17.7 or later, iPadOS 17.7 or later, and macOS Sequoia 15, to mitigate this potential risk.

Affected Version(s)

iOS and iPadOS < 17.7

iOS and iPadOS < 18

macOS < 15

References

https://support.apple.com/en-us/121238

https://support.apple.com/en-us/121246

https://support.apple.com/en-us/121250

CVSS V3.1

Score:

2.4

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 10, 2025
Vulnerability Reserved
Aug 20, 2024