CVE-2024-44232
Published Oct 28, 2024
·Updated
Accessibility. The issue was addressed with improved authentication.
Credit
an anonymous researcher, Ivan Fratric(Google Project Zero), K宝@@Pwnrin, pattern-f@@pattern_F_(Loadshine Lab), Hikerell(Loadshine Lab), Hossein Lotfi@@hosselot(Trend Micro Zero Day Initiative), Junsung Lee(Trend Micro Zero Day Initiative), Jex Amro, Mateusz Krzywicki@@krzywix, Bing Shi(Alibaba Group), Wenchao Li(Alibaba Group), Xiaolong Bai(Alibaba Group), (Indiana University Bloomington), Luyi Xing(Indiana University Bloomington), Kirin@@Pwnrin, Rodolphe Brunetti@@eisw0lf, Wojciech Regula(SecuRing), Narendra Bhati(Cyber Security at Suma Soft Pvt), Manager(Cyber Security at Suma Soft Pvt), Pune (India), Q1IQ@@q1iqF, P1umer@@p1umer, Rizki Maulana (rmrizki.my.id), Matthew Butler, Jake Derouin, Mickey Jin@@patch1t, Alexandre Bedard, Csaba Fitzl@@theevilbit(Kandji), Ronny Stiftel, Wang Yu(Cyberserval), Zhongquan Li@@Guluisacat, Noah Gregory (wts.dev), Arsenii Kostromin (0x3c3e), Mickey Jin@@patch1t(Kandji), Un3xploitable(CW Research Inc), Bohdan Stasiuk@@Bohdan_Stasiuk(CW Research Inc), Pedro Tôrres@@t0rr3sp3dr0, 냥냥, Michael DePlante@@izobashi(Trend Micro Zero Day Initiative), Halle Winkler, Politepix@@hallewinkler, dw0r!(Trend Micro Zero Day Initiative), Bohdan Stasiuk@@Bohdan_Stasiuk, Holger Fuhrmannek, Hichem Maloufi, Christian Mina, Ismail Amzdak, Nimrat Khalsa, James Gill @infosec.exchange)@@jjtech, Dragon Fruit Security (Davis Dai, ORAC Luoyun, Frank Du cooperative discovery), an anonymous researcher(Dawn Security Lab of JD), Yinyi Wu@@_3ndy1(Dawn Security Lab of JD), Justin Saboo, Lucas Di Tomase, Bistrit Dahal, Kenneth Chew, Braylon@@softwarescool, Ye Zhang@@VAR10CK(Baidu Security), Ziyi Zhou Jiao Tong University)@@Shanghai, Tianxiao Hou Jiao Tong University)@@Shanghai, Ben Roeder, Abhay Kailasia@@abhay_kailasia(Lakshmi Narain College of Technology Bhopal India), Srijan Poudel, 7feilee, Cristian Dinca (icmd.tech), Dalibor Milanovic, Richard Hyunho Im with Route Zero Security@@richeeta, Abhay Kailasia@@abhay_kailasia(C), CVE-2024-39573, CVE-2024-38477, CVE-2024-38476, Garrett Moon(Excited Pixel LLC), Toomas Römer, Jaime Bertran, Ryan Dowd@@_rdowd, Gergely Kalman@@gergely_kalman, Csaba Fitzl@@theevilbit, Politepix (theoffcuts.org)
Affected Software
19 affected componentsFixes available
Apple macOS Sonoma<14.7.1
14.7.1
Apple tvOS<18.1
18.1
Apple WatchOS<11.1
11.1
Apple visionOS<2.1
2.1
Apple macOS Sequoia<15.1
15.1
Apple iOS<18.1
18.1
Apple iPadOS<18.1
18.1
Apple iOS<17.7.1
17.7.1
Apple iPadOS<17.7.1
17.7.1
Apple iPadOS<17.7.1
Apple iPadOS=18.0
Apple iPhone OS<17.7.1
Apple iPhone OS=18.0
Apple macOS<13.7.1
Apple macOS>=14.0<14.7.1
Apple tvOS<18.1
Apple visionOS<2.1
Apple WatchOS<11.1
Apple macOS Ventura<13.7.1
13.7.1
Event History
Oct 28, 2024
Data Sourced
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
DescriptionWeakness
Updated
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
Affected Software
Nov 1, 2024
CVE Published
via MITRE·08:41 PM
Data Sourced
via MITRE·08:41 PM
DescriptionWeakness
Data Sourced
via NVD·09:15 PM
DescriptionSeverityWeaknessAffected Software
Frequently Asked Questions
1
What is the severity of CVE-2024-44232?
CVE-2024-44232 has been categorized as a high severity vulnerability due to its potential impact on user accessibility and authentication.
2
How do I fix CVE-2024-44232?
To fix CVE-2024-44232, users should update their affected Apple products to the latest version as specified in the security advisory.
3
Which Apple products are affected by CVE-2024-44232?
CVE-2024-44232 affects multiple Apple products including macOS Ventura, macOS Sonoma, iPadOS, iOS, tvOS, and watchOS.
4
When was CVE-2024-44232 disclosed?
CVE-2024-44232 was disclosed by Apple in their security updates on a specified date, highlighting the need for prompt remediation.
5
What type of vulnerability is CVE-2024-44232?
CVE-2024-44232 is an authentication vulnerability that enables unauthorized access and affects accessibility features.