CVE-2024-44170: Input Validation
Published Sep 16, 2024
·Updated
A privacy issue was addressed by moving sensitive data to a more secure location. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15, watchOS 11. An app may be able to access user-sensitive data.
Other sources
Accessibility. This issue was addressed by restricting options offered on a locked device.
— Apple
Accessibility. This issue was addressed through improved state management.
— Apple
Accessibility. This issue was addressed with improved data protection.
— Apple
Accounts. A permissions issue was addressed with additional restrictions.
— Apple
Accounts. The issue was addressed with improved checks.
— Apple
Credit
Kirin@@Pwnrin, Rodolphe Brunetti@@eisw0lf, CVE-2023-4504, Csaba Fitzl@@theevilbit(Kandji), an anonymous researcher, @@08Tc3wBB(Jamf), Denis Tokarev@@illusionofcha0s, Yiğit Can YILMAZ@@yilmazcanyigit, Mickey Jin@@patch1t, Junsung Lee, dw0r(ZeroPointer Lab working with Trend Micro Zero Day Initiative), Michael DePlante@@izobashi(Trend Micro Zero Day Initiative), Antonio Zekić, Andrew Lytvynov, Alexander Heinrich, SEEMOO, DistriNet, KU Leuven@@vanhoefm, TU Darmstadt@@Sn0wfreeze, Mathy Vanhoef, Jeff Johnson (underpassapp.com), OSS-Fuzz(Google Project Zero), Ned Williamson(Google Project Zero), Rodolphe BRUNETTI@@eisw0lf, Kirin@@Pwnrin(Fudan University), LFY@@secsys(Fudan University), Olivier Levon, CVE-2023-5841, Meng Zhang (鲸落)(NorthSea), ajajfxhj, Brian McNulty(Computer Science), Cristian Dinca(Computer Science), Romania, Vaibhav Prajapati, CVE-2024-39894, Wojciech Regula(SecuRing), Rifa'i Rejal Maynando, Narendra Bhati(Cyber Security at Suma Soft Pvt), Manager(Cyber Security at Suma Soft Pvt), Pune (India), Zhongquan Li@@Guluisacat, Yiğit Can YILMAZ@@yilmazcanyigit(SecuRing), Kirin@@Pwnrin(NorthSea), 냥냥, Halle Winkler, Politepix@@hallewinkler, Vivek Dhar, working as Assistant Sub-Inspector (RM) in Border Security Force (Frontier Headquarter BSF Kashmir), Pedro José Pereira Vieito@@pvieito, luckyu@@uuulucky(NorthSea), Om Kothawade(the UNTHSC College of Pharmacy), Omar A. Alanis(the UNTHSC College of Pharmacy), Bistrit Dahal, Matej Moravec@@MacejkoMoravec, K宝, LFY@@secsys, Smi1e, yulige, Cristian Dinca (icmd.tech), Arsenii Kostromin (0x3c3e), Ron Masas(BreakPoint), Jonathan Bar Or@@yo_yo_yo_jbo(Microsoft), Bohdan Stasiuk@@Bohdan_Stasiuk, CVE-2024-41957, Narendra Bhati(Cyber Security At Suma Soft Pvt), Manager(Cyber Security At Suma Soft Pvt), Tashita Software Security, Ron Masas, Hafiizh(HakTrak), YoKo Kho@@yokoacc(HakTrak), Tim Michaud@@TimGMichaud(Moveworks), Antonio Zekic@@antoniozekic, ant4g0nist, Charly Suchanek, CVE-2024-44134, Preet Dsouza (Fleming College, Computer Security & Investigations Program), Domien Schepers, Tim Clem, Gergely Kalman@@gergely_kalman, Koh M. Nakagawa@@tsunek0h, Pedro Tôrres@@t0rr3sp3dr0, CVE-2024-44130, Pwn2car(Trend Micro Zero Day Initiative), Claudio Bozzato(Cisco Talos), Francesco Benvenuto(Cisco Talos), Holger Fuhrmannek, Anton Boegler, Snoolie Keffaber@@0xilis, Jake Derouin (jakederouin.com), CVE-2024-44129, Joshua Keller, Lukas, Kenneth Chew, Anamika Adhikari, Om Kothawade(Zaprico Digital), Chi Yuan Chang(ZUSO ART), taikosoup, Srijan Poudel, Justin Cohen, Daniele Antonioli, Tuan D. Hoang, Chloe Surett, Abhay Kailasia@@abhay_kailasia(Lakshmi Narain College of Technology Bhopal India)
Affected Software
8 affected componentsFixes available
Apple macOS Sequoia<15
15
Apple WatchOS<11
11
Apple iOS<18
18
Apple iPadOS<18
18
Apple iPadOS<18.0
Apple iPhone OS<18.0
Apple macOS<15.0
Apple WatchOS<11.0
Event History
Sep 16, 2024
Data Sourced
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
DescriptionWeakness
CVE Published
via MITRE·11:22 PM
Data Sourced
via MITRE·11:22 PM
DescriptionWeakness
Sep 17, 2024
Data Sourced
via NVD·12:15 AM
DescriptionSeverityAffected Software
Parent advisories
This vulnerability appears in the following advisories.
Peer vulnerabilities
Found alongside the following vulnerabilities.
- CVE-2024-44171
- CVE-2024-40850
- CVE-2024-27880
- CVE-2024-44176
- CVE-2024-44169
- CVE-2024-44191
- CVE-2024-54560
- CVE-2024-44198
- CVE-2024-44183
- CVE-2024-44155
- CVE-2024-44144
- CVE-2024-44170
- CVE-2024-54467
- CVE-2024-44192
- CVE-2024-40857
- CVE-2024-44187
- CVE-2024-40840
- CVE-2024-40830
- CVE-2024-40852
- CVE-2024-44126
- CVE-2024-27874
- CVE-2024-27876
- CVE-2024-27869
- CVE-2024-44124
- CVE-2024-54469
- CVE-2024-44131
- CVE-2024-44165
- CVE-2024-44122
- CVE-2024-40791
- CVE-2023-5841
- CVE-2024-44147
- CVE-2024-44167
- CVE-2024-44217
- CVE-2024-40826
- CVE-2024-44202
- CVE-2024-44127
- CVE-2024-40863
- CVE-2024-44123
- CVE-2024-44145
- CVE-2024-44179
- CVE-2024-40853
- CVE-2024-44139
- CVE-2024-44180
- CVE-2024-54558
- CVE-2024-44184
- CVE-2024-27879
- CVE-2024-44227
- CVE-2024-40856
- CVE-2024-44129
- CVE-2024-44153
- CVE-2024-44188
- CVE-2024-40792
- CVE-2024-40825
- CVE-2024-44130
- CVE-2024-44182
- CVE-2024-44154
- CVE-2024-40845
- CVE-2024-40846
- CVE-2024-44164
- CVE-2024-40837
- CVE-2024-40847
- CVE-2024-40848
- CVE-2024-44168
- CVE-2024-27860
- CVE-2024-27861
- CVE-2024-40841
- CVE-2024-27795
- CVE-2024-44135
- CVE-2024-44132
- CVE-2024-44128
- CVE-2024-44151
- CVE-2024-44172
- CVE-2024-27875
- CVE-2024-44146
- CVE-2024-27849
- CVE-2023-4504
- CVE-2024-40855
- CVE-2024-44148
- CVE-2024-44177
- CVE-2024-54463
- CVE-2024-40831
- CVE-2024-40861
- CVE-2024-44160
- CVE-2024-44161
- CVE-2024-44175
- CVE-2024-54473
- CVE-2024-44181
- CVE-2024-27858
- CVE-2024-40838
- CVE-2024-44186
- CVE-2024-39894
- CVE-2024-44178
- CVE-2024-44149
- CVE-2024-40797
- CVE-2024-44125
- CVE-2024-44163
- CVE-2024-44203
- CVE-2024-44137
- CVE-2024-44174
- CVE-2024-40801
- CVE-2024-44158
- CVE-2024-40844
- CVE-2024-40860
- CVE-2024-44152
- CVE-2024-44166
- CVE-2024-44190
- CVE-2024-44133
- CVE-2024-40859
- CVE-2024-41957
- CVE-2024-40866
- CVE-2024-54546
- CVE-2024-40770
- CVE-2024-23237
- CVE-2024-44134
- CVE-2024-44189
- CVE-2024-44208
- CVE-2024-40842
- CVE-2024-40843
Frequently Asked Questions
1
What is the severity of CVE-2024-44170?
CVE-2024-44170 is considered a privacy issue affecting user-sensitive data.
2
How do I fix CVE-2024-44170?
To fix CVE-2024-44170, update your devices to iOS 18, iPadOS 18, watchOS 11, or macOS Sequoia 15.
3
Which software versions are affected by CVE-2024-44170?
CVE-2024-44170 affects Apple iPadOS versions prior to 18.0, iPhone OS versions prior to 18.0, macOS versions prior to 15.0, and watchOS versions prior to 11.0.
4
What kind of data is at risk in CVE-2024-44170?
CVE-2024-44170 involves access to user-sensitive data that improperly may be accessible by apps.
5
When was CVE-2024-44170 addressed?
CVE-2024-44170 was addressed in the latest updates for iOS, iPadOS, watchOS, and macOS.