CVE-2024-44285

Published Oct 28, 2024

Last updated 24 days ago

CVSS high 7.8

Overview

Description
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. An app may be able to cause unexpected system termination or corrupt kernel memory.
Source
product-security@apple.com
NVD status
Modified
Products
ipados, iphone_os, tvos, visionos, watchos

Risk scores

CVSS 3.1

Type
Primary
Base score
7.8
Impact score
5.9
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

nvd@nist.gov
CWE-416
134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-416

Social media

Hype score
Not currently trending

  1. Proof of concept for iOS 18.0.x bug CVE-2024-44285 released, but seems unlikely to aid jailbreaking https://t.co/ba8WsP4Wip

    @iDownloadBlog

    1 Dec 2024

    2735 Impressions

    3 Retweets

    7 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  2. GitHub - 34306/IOSurface_poc18: App with PoC of CVE-2024-44285 https://t.co/KFwK7CKHaw

    @akaclandestine

    30 Nov 2024

    1585 Impressions

    5 Retweets

    19 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

  3. I’ve been told that my online activity has been dead for years, so after a friend’s suggestion, I’ve made a simple PoC with a little description for CVE-2024-44285: https://t.co/wGzNS6VgvU

    @tomitokics

    29 Nov 2024

    3548 Impressions

    6 Retweets

    29 Likes

    8 Bookmarks

    2 Replies

    1 Quote

Configurations

Related CVEs

  1. An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.CVE-2025-43210
  2. This issue was addressed with improved memory handling. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6. Processing a file may lead to memory corruption.CVE-2025-43202
  3. The issue was addressed with improved checks. This issue is fixed in iOS 26.4 and iPadOS 26.4. An attacker with physical access to an iOS device with Stolen Device Protection enabled may be able to access biometrics-gated Protected Apps with the passcode.CVE-2026-28895
  4. A denial-of-service issue was addressed with improved input validation. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. A remote attacker may be able to cause a denial-of-service.CVE-2026-28894
  5. A null pointer dereference was addressed with improved input validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. A user in a privileged network position may be able to cause a denial-of-service.CVE-2026-28886

References

Sources include official advisories and independent security research.