Information Disclosure Vulnerability in Apple iOS and iPadOS
CVE-2024-44290

3.3LOW

Key Information:

Vendor: Apple
Status: iPad OS; iPhone OS; Watch OS
Vendor: CVE Published:; 12 December 2024

What is CVE-2024-44290?

An information disclosure vulnerability was identified in Apple's operating systems, allowing certain applications to ascertain the user's current location. This issue arises due to inadequate redaction of sensitive information. The vulnerability has been rectified in iOS 18.1, iPadOS 18.1, and watchOS 11.1, enhancing the protection of user privacy and safeguarding personal data from unauthorized access.

References

https://support.apple.com/en-us/121563

https://support.apple.com/en-us/121565

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 12, 2024