High severity7.1NVD Advisory· Published Oct 28, 2024· Updated Apr 2, 2026

CVE-2024-44258

Description

This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, tvOS 18.1, visionOS 2.1. Restoring a maliciously crafted backup file may lead to modification of protected system files.

Affected products

Apple Inc./Ipados
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
Range: <17.7.1
Apple Inc./Iphone Os
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Range: <17.7.1
Apple Inc./tvOS
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
Range: <18.1
Apple Inc./Visionos
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
Range: <2.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

support.apple.com/en-us/121563nvdRelease NotesVendor Advisory
support.apple.com/en-us/121566nvdRelease NotesVendor Advisory
support.apple.com/en-us/121567nvdRelease NotesVendor Advisory
support.apple.com/en-us/121569nvdRelease NotesVendor Advisory
seclists.org/fulldisclosure/2024/Oct/10nvd
seclists.org/fulldisclosure/2024/Oct/15nvd
seclists.org/fulldisclosure/2024/Oct/16nvd
seclists.org/fulldisclosure/2024/Oct/9nvd

News mentions

No linked articles in our index yet.

cvss	0.461
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000