CVE-2024-44124

Vulnerability

A state management issue in Bluetooth pairing on iOS and iPadOS allows a malicious Bluetooth input device to bypass the pairing process. This affects devices running versions prior to iOS 18 and iPadOS 18, including iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later [1].

Exploitation

An attacker with a malicious Bluetooth input device within wireless range of a vulnerable device can attempt to pair with it. Due to the improper state management, the pairing authentication can be bypassed, allowing the attacker to connect without user confirmation or proper authorization. No additional privileges or user interaction beyond proximity are required.

Impact

Successful exploitation enables the attacker to connect a malicious Bluetooth input device (e.g., keyboard) to the target device. This can lead to unauthorized input injection, potentially allowing keystroke injection, arbitrary code execution, or data exfiltration depending on the attacker's capabilities and the device's configuration.

Mitigation

Apple addressed this issue in iOS 18 and iPadOS 18, released on September 16, 2024 [1]. Users should update their devices to the latest operating system version. No workarounds are available for unpatched versions.