CVE-2024-44217

CRITICAL

iPadOS < 18.0 - Incorrect Authorization in Password Autofill

Title source: llm
STIX 2.1

Description

A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in iOS 18 and iPadOS 18. Password autofill may fill in passwords after failing authentication.

References (1)

Core 1
Core References

Scores

CVSS v3 9.1
EPSS 0.0037
EPSS Percentile 29.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-863
Status published
Products (3)
Apple/iOS and iPadOS < 18
apple/ipados < 18.0
apple/iphone_os < 18.0
Published Oct 28, 2024
Tracked Since Feb 18, 2026