VYPR
← All advisories
Medium severity4.6NVD Advisory· Published Oct 28, 2024· Updated Apr 2, 2026

CVE-2024-44274

CVE-2024-44274

Description

The issue was addressed with improved authentication. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, watchOS 11.1. An attacker with physical access to a locked device may be able to view sensitive user information.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An attacker with physical access to a locked iOS/iPadOS or watchOS device may view sensitive user information; fixed in recent updates.

CVE-2024-44274 is an authentication bypass vulnerability affecting iOS, iPadOS, and watchOS. The issue exists in the device's lock screen mechanism, allowing an attacker with physical access to a locked device to bypass authentication and view sensitive user information. Apple addressed the flaw by improving authentication processes [1][2][3].

To exploit this vulnerability, an attacker must have physical possession of a locked device running an affected version of iOS, iPadOS, or watchOS. No user interaction is required beyond the device being locked. The attacker can then access sensitive information without proper credentials [1][2][3].

The impact is limited to information disclosure, but it could expose personal data such as messages, photos, or other private content stored on the device. The vulnerability does not allow remote exploitation or privilege escalation beyond viewing on-screen information [1][2][3].

Apple has released patches in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, and watchOS 11.1. Users are strongly advised to update their devices to the latest available versions. The vulnerability was discovered by security researchers Rizki Maulana, Matthew Butler, and Jake Derouin [1][2][3].

References
  1. About the security content of iOS 18.1 and iPadOS 18.1 - Apple Support
  2. About the security content of iOS 17.7.1 and iPadOS 17.7.1 - Apple Support
  3. About the security content of watchOS11.1 - Apple Support

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

6
  • Apple Inc./Ipados2 versions
    cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*range: <17.7.1
    • (no CPE)range: = 17.7.1 (iPadOS 17.7.1), = 18.1 (iPadOS 18.1)
  • Apple Inc./Iphone Os
    cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
    Range: <17.7.1
  • Apple Inc./watchOS2 versions
    cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*range: <11.1
    • (no CPE)range: = 11.1 (watchOS 11.1)
  • Apple Inc./iOSllm-fuzzy
    Range: = 17.7.1 (iOS 17.7.1), = 18.1 (iOS 18.1)

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

6

News mentions

0

No linked articles in our index yet.