CVE-2024-44217

CRITICAL

iPadOS < 18.0 - Incorrect Authorization in Password Autofill

Title source: llm

Description

A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in iOS 18 and iPadOS 18. Password autofill may fill in passwords after failing authentication.


Scores

CVSS v3 9.1
EPSS 0.0034
EPSS Percentile 56.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-863
Status published
Products (3)
Apple/iOS and iPadOS < 18
apple/ipados < 18.0
apple/iphone_os < 18.0
Published Oct 28, 2024
Tracked Since Feb 18, 2026