Arbitrary Code Execution Vulnerability in DCP Firmware Affecting Apple iOS and iPadOS
CVE-2024-44242

9.8CRITICAL

Key Information:

Vendor: Apple
Status: iOS And iPad OS
Vendor: CVE Published:; 12 December 2024

What is CVE-2024-44242?

The vulnerability identified in DCP firmware allows an attacker to potentially cause unexpected system termination or execute arbitrary code by exploiting insufficient bounds checks present in the software. The issue has been addressed in the latest updates for iOS and iPadOS, which highlights the importance of keeping devices up-to-date to mitigate such security risks. Users are advised to upgrade to iOS 18.1 and iPadOS 18.1 to ensure the protection against this vulnerability.

Affected Version(s)

iOS and iPadOS < 18.1

References

https://support.apple.com/en-us/121563

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 12, 2024