CVE-2024-44136

4.6

Medium

Published:15 Jan 2025

Last updated:17 Jun 2026

Source:product-security@apple.com

Modified

Weakness (CWE)

CWE-863Incorrect Authorization

CVSS Vector

v3.1

Attack Vector: Physical
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability: None

View on MITRE Find PoC on GitHub

Description

This issue was addressed through improved state management. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access to a device may be able to disable Stolen Device Protection.

References

product-security@apple.com

https://support.apple.com/en-us/120905