CVE-2024-44147: Race Condition
First published: Mon Sep 16 2024(Updated: )
Accessibility. This issue was addressed by restricting options offered on a locked device.
Credit: product-security@apple.com Rodolphe BRUNETTI @eisw0lf Olivier Levon CVE-2023-5841 Alexander Heinrich SEEMOO DistriNet KU Leuven @vanhoefm TU Darmstadt @Sn0wfreeze Mathy Vanhoef ajajfxhj Bistrit Dahal an anonymous researcher Joshua Keller Narendra Bhati Cyber Security at Suma Soft PvtManager Cyber Security at Suma Soft PvtPune (India) Kenneth Chew Anamika Adhikari Csaba Fitzl @theevilbit Kandji냥냥 Wojciech Regula SecuRingOm Kothawade Zaprico DigitalOmar A. Alanis the UNTHSC College of PharmacyChi Yuan Chang ZUSO ARTtaikosoup Srijan Poudel K宝 LFY @secsys Smi1e yulige Cristian Dinca (icmd.tech) Bohdan Stasiuk @Bohdan_Stasiuk Justin Cohen Ron Masas Domien Schepers dw0r ZeroPointer Lab working with Trend Micro Zero Day InitiativeAntonio Zekić Andrew Lytvynov OSS-Fuzz Google Project ZeroNed Williamson Google Project ZeroTuan D. Hoang Snoolie Keffaber @0xilis Daniele Antonioli @08Tc3wBB JamfDenis Tokarev @illusionofcha0s Junsung Lee Abhay Kailasia @abhay_kailasia Lakshmi Narain College of Technology Bhopal IndiaHolger Fuhrmannek Jake Derouin Chloe Surett
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple iOS, iPadOS, and watchOS | <18 | 18 |
| Apple iOS, iPadOS, and watchOS | <18 | 18 |
| Apple iOS, iPadOS, and watchOS | <18.0 | |
| iStyle @cosme iPhone OS | <18.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/121250 (Advisory)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2024-40840
- CVE-2024-40830
- CVE-2024-44171
- CVE-2024-40852
- CVE-2024-44126
- CVE-2024-27874
- CVE-2024-27876
- CVE-2024-27869
- CVE-2024-44124
- CVE-2024-44131
- CVE-2024-40850
- CVE-2024-27880
- CVE-2024-44176
- CVE-2024-44169
- CVE-2024-44165
- CVE-2024-44191
- CVE-2024-44198
- CVE-2024-40791
- CVE-2024-44183
- CVE-2023-5841
- CVE-2024-44147
- CVE-2024-44167
- CVE-2024-44217
- CVE-2024-40826
- CVE-2024-44155
- CVE-2024-44202
- CVE-2024-44127
- CVE-2024-40863
- CVE-2024-44144
- CVE-2024-44123
- CVE-2024-44145
- CVE-2024-40853
- CVE-2024-44139
- CVE-2024-44180
- CVE-2024-44170
- CVE-2024-44184
- CVE-2024-27879
- CVE-2024-40857
- CVE-2024-44187
- CVE-2024-40856
Frequently Asked Questions
What is the severity of CVE-2024-44147?
CVE-2024-44147 has a moderate severity level that impacts accessibility features and data protection.
How do I fix CVE-2024-44147?
To fix CVE-2024-44147, update your Apple device to iOS or iPadOS version 18 or later.
Which devices are affected by CVE-2024-44147?
CVE-2024-44147 affects devices running Apple iOS and iPadOS versions prior to 18.0.
What type of issues does CVE-2024-44147 address?
CVE-2024-44147 addresses issues related to accessibility, state management, and data protection.
Is there any risk if I do not update my device regarding CVE-2024-44147?
Not updating your device may leave it vulnerable to attacks exploiting the accessibility features addressed in CVE-2024-44147.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/source
- agent/description
- agent/first-publish-date
- agent/event
- agent/author
- collector/apple-support
- source/Apple
- alias/CVE-2024-44147
- alias/CVE-2024-44167
- alias/CVE-2024-44217
- alias/CVE-2024-40826
- alias/CVE-2024-44155
- alias/CVE-2024-44202
- alias/CVE-2024-44127
- alias/CVE-2024-40863
- alias/CVE-2024-44144
- alias/CVE-2024-44123
- alias/CVE-2024-44145
- alias/CVE-2024-40853
- alias/CVE-2024-44139
- alias/CVE-2024-44180
- alias/CVE-2024-44170
- alias/CVE-2024-44184
- alias/CVE-2024-27879
- alias/CVE-2024-40857
- alias/CVE-2024-44187
- alias/CVE-2024-40856
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- alias/CVE-2024-44191
- alias/CVE-2024-44198
- alias/CVE-2024-40791
- alias/CVE-2024-44183
- alias/CVE-2023-5841
- alias/CVE-2024-44126
- alias/CVE-2024-27874
- alias/CVE-2024-27876
- alias/CVE-2024-27869
- alias/CVE-2024-44124
- alias/CVE-2024-44131
- alias/CVE-2024-40850
- alias/CVE-2024-27880
- alias/CVE-2024-44176
- alias/CVE-2024-44169
- alias/CVE-2024-44165
- alias/CVE-2024-40852
- alias/CVE-2024-40830
- alias/CVE-2024-44171
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- vendor/apple
- canonical/apple ios, ipados, and watchos
- canonical/istyle @cosme iphone os