CVE-2024-44191
Summary
| CVE | CVE-2024-44191 |
|---|---|
| State | PUBLISHED |
| Assigner | apple |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2024-09-17 00:15:52 UTC |
| Updated | 2026-04-02 19:18:18 UTC |
| Description | This issue was addressed through improved state management. This issue is fixed in Xcode 16, iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. An app may gain unauthorized access to Bluetooth. |
Risk And Classification
Primary CVSS: v3.1 5.5 MEDIUM from [email protected]
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS: 0.000230000 probability, percentile 0.062530000 (date 2026-04-07)
Problem Types: NVD-CWE-noinfo | An app may gain unauthorized access to Bluetooth | CWE-noinfo Not enough information
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | [email protected] | Primary | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
| 3.1 | ADP | DECLARED | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
| 3.1 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | Secondary | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
CVSS v3.1 Breakdown
| Metric | Value |
|---|---|
| Attack Vector | Local |
| Attack Complexity | Low |
| Privileges Required | Low |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity | High |
| Availability | None |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Apple | Ipados | All | All | All | All |
| Operating System | Apple | Iphone Os | All | All | All | All |
| Operating System | Apple | Macos | All | All | All | All |
| Operating System | Apple | Tvos | All | All | All | All |
| Operating System | Apple | Visionos | All | All | All | All |
| Operating System | Apple | Watchos | All | All | All | All |
| Application | Apple | Xcode | All | All | All | All |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Apple | Xcode | affected 16 custom | Not specified |
| CNA | Apple | IOS And IPadOS | affected 17.7 custom | Not specified |
| CNA | Apple | IOS And IPadOS | affected 18 custom | Not specified |
| CNA | Apple | MacOS | affected 15 custom | Not specified |
| CNA | Apple | TvOS | affected 18 custom | Not specified |
| CNA | Apple | VisionOS | affected 2 custom | Not specified |
| CNA | Apple | WatchOS | affected 11 custom | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| seclists.org/fulldisclosure/2024/Sep/36 | af854a3a-2127-422b-91ae-364da2661108 | seclists.org | |
| seclists.org/fulldisclosure/2024/Sep/32 | af854a3a-2127-422b-91ae-364da2661108 | seclists.org | |
| support.apple.com/en-us/121240 | [email protected] | support.apple.com | Release Notes, Vendor Advisory |
| support.apple.com/en-us/121238 | [email protected] | support.apple.com | Release Notes, Vendor Advisory |
| support.apple.com/en-us/121250 | [email protected] | support.apple.com | Release Notes, Vendor Advisory |
| support.apple.com/en-us/121246 | [email protected] | support.apple.com | Release Notes, Vendor Advisory |
| seclists.org/fulldisclosure/2024/Sep/33 | af854a3a-2127-422b-91ae-364da2661108 | seclists.org | |
| support.apple.com/en-us/121249 | [email protected] | support.apple.com | Release Notes, Vendor Advisory |
| support.apple.com/en-us/121248 | [email protected] | support.apple.com | Release Notes, Vendor Advisory |
| support.apple.com/en-us/121239 | [email protected] | support.apple.com | Release Notes, Vendor Advisory |
| seclists.org/fulldisclosure/2024/Sep/39 | af854a3a-2127-422b-91ae-364da2661108 | seclists.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.