CVE-2024-54503

Vulnerability

In iOS and iPadOS versions prior to 18.2, an inconsistent user interface issue exists where muting a call while it is ringing may not result in mute being enabled. This affects iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later [1]. The issue is addressed in iOS 18.2 and iPadOS 18.2.

Exploitation

No special attacker position or authentication is required; the issue occurs when a user attempts to mute an incoming call during the ringing phase. The user presses the mute button, but due to the inconsistent UI state, the mute function may not be applied, leaving the microphone active.

Impact

If the mute action fails, the user's audio may be transmitted to the caller despite the user's intention to mute. This could lead to unintended disclosure of private conversations or ambient sounds. The impact is a privacy violation (information disclosure) at the user level.

Mitigation

Apple released iOS 18.2 and iPadOS 18.2 on December 11, 2024, which fix the issue [1]. Users should update their devices to the latest version. No workarounds are documented.