First published: Mon Oct 28 2024(Updated: )
Accessibility. The issue was addressed with improved authentication.
Credit: Rizki Maulana (rmrizki.my.id) Matthew Butler Jake Derouin an anonymous researcher Ivan Fratric Google Project ZeroK宝 @Pwnrin pattern-f @pattern_F_ Loadshine LabHikerell Loadshine LabHossein Lotfi @hosselot Trend Micro Zero Day InitiativeWang Yu CyberservalJunsung Lee Trend Micro Zero Day InitiativeJex Amro Ye Zhang @VAR10CK Baidu SecurityZiyi Zhou Jiao Tong University) @Shanghai Tianxiao Hou Jiao Tong University) @Shanghai Mateusz Krzywicki @krzywix Ben Roeder Hichem Maloufi Christian Mina Ismail Amzdak Nimrat Khalsa Davis Dai James Gill @infosec.exchange) @jjtech an anonymous researcher Dawn Security Lab of JDYinyi Wu @_3ndy1 Dawn Security Lab of JDNarendra Bhati Cyber Security at Suma Soft PvtManager Cyber Security at Suma Soft PvtPune (India) Lucas Di Tomase Michael DePlante @izobashi Trend Micro Zero Day InitiativeBing Shi Alibaba GroupWenchao Li Alibaba GroupXiaolong Bai Alibaba Group Indiana University BloomingtonLuyi Xing Indiana University BloomingtonKirin @Pwnrin Bistrit Dahal Kenneth Chew Rodolphe Brunetti @eisw0lf Abhay Kailasia @abhay_kailasia Lakshmi Narain College of Technology Bhopal IndiaSrijan Poudel 7feilee Cristian Dinca (icmd.tech) Dalibor Milanovic Richard Hyunho Im with Route Zero Security @richeeta Braylon @softwarescool Wojciech Regula SecuRingQ1IQ @q1iqF P1umer @p1umer CVE-2024-39573 CVE-2024-38477 CVE-2024-38476 Mickey Jin @patch1t Alexandre Bedard Ronny Stiftel Zhongquan Li @Guluisacat Garrett Moon Excited Pixel LLCArsenii Kostromin (0x3c3e) Toomas Römer Jaime Bertran Noah Gregory (wts.dev) Un3xploitable CW Research IncBohdan Stasiuk @Bohdan_Stasiuk CW Research IncPedro Tôrres @t0rr3sp3dr0 Mickey Jin @patch1t KandjiCsaba Fitzl @theevilbit KandjiRyan Dowd @_rdowd Gergely Kalman @gergely_kalman Csaba Fitzl @theevilbit Halle Winkler Politepix (theoffcuts.org) dw0r! Trend Micro Zero Day InitiativeBohdan Stasiuk @Bohdan_Stasiuk product-security@apple.com
Affected Software | Affected Version | How to fix |
---|---|---|
watchOS | <11.1 | 11.1 |
Apple macOS Sequoia | <15.1 | 15.1 |
Apple iOS | <18.1 | 18.1 |
iPadOS | <18.1 | 18.1 |
iPadOS | <18.1 | |
Apple iPhone OS | <18.1 | |
watchOS | <11.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
CVE-2024-44290 has a severity rating that indicates it is a significant security concern requiring immediate attention.
To fix CVE-2024-44290, users should upgrade their affected software to the latest versions: watchOS 11.1, macOS Sequoia 15.1, or iOS/iPadOS 18.1.
CVE-2024-44290 affects Apple products including watchOS, macOS Sequoia, iOS, and iPadOS versions prior to specified updates.
Yes, CVE-2024-44290 was addressed with improved authentication mechanisms in the affected software.
The CVE-ID for CVE-2024-44290 was assigned by a third party, indicating its classification in the security community.