CVE-2024-44217 - Incorrect Authorization vulnerability in Apple Iphone OS

CVSS 9.1 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: NONE
Tags: network, low complexity, apple, CWE-863, critical

Summary

A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in iOS 18 and iPadOS 18. Password autofill may fill in passwords after failing authentication.

Vulnerable Configurations

Part    Description    Count
OS      Apple          366

Common Weakness Enumeration (CWE)