State Management Vulnerability in Apple Products
CVE-2024-44259

7.5HIGH

Key Information:

Vendor: Apple
Status: Visionos; iOS And iPad OS; Mac OS; Safari
Vendor: CVE Published:; 28 October 2024

Summary

A vulnerability exists within the state management of certain Apple products, enabling potential attackers to misuse established trust relationships to download malicious content onto user devices. This issue has been addressed in recent updates, specifically in iOS 17.7.1, iPadOS 17.7.1, visionOS 2.1, iOS 18.1, iPadOS 18.1, macOS Sequoia 15.1, and Safari 18.1. Users are encouraged to update their devices to ensure they are protected against this type of exploitation.

Affected Version(s)

iOS and iPadOS < 17.7

iOS and iPadOS < 18.1

macOS < 15.1

References

https://support.apple.com/en-us/121566

https://support.apple.com/en-us/121567

https://support.apple.com/en-us/121563

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 28, 2024