CVE-2024-40852
📋 TL;DR
This vulnerability allows an attacker with physical access to a locked iOS/iPadOS device to view recent photos without authentication through the Assistive Access feature. It affects users with Assistive Access enabled on devices running vulnerable iOS/iPadOS versions. The issue was addressed by restricting options available on locked devices.
💻 Affected Systems
- iPhone
- iPad
📦 What is this software?
Ipados by Apple
⚠️ Risk & Real-World Impact
Worst Case
An attacker with brief physical access could view sensitive photos including personal, financial, or confidential information without unlocking the device.
Likely Case
Someone with temporary physical access (like a coworker, family member, or thief) could view recent photos on a locked device, potentially exposing private content.
If Mitigated
With proper physical security controls and device passcodes, the risk is limited to brief unauthorized access windows.
🎯 Exploit Status
Exploitation requires physical device access but no authentication. The vulnerability was publicly disclosed with technical details in the Full Disclosure mailing list.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: iOS 18, iPadOS 18
Vendor Advisory: https://support.apple.com/en-us/121250
Restart Required: Yes
Instructions:
1. Open Settings app. 2. Go to General > Software Update. 3. Download and install iOS 18/iPadOS 18 update. 4. Device will restart automatically.
🔧 Temporary Workarounds
Disable Assistive Access
iosTemporarily disable the Assistive Access feature until patching is possible
Settings > Accessibility > Assistive Access > Turn Off
Enable Auto-Lock
iosSet Auto-Lock to the shortest time possible to reduce exposure windows
Settings > Display & Brightness > Auto-Lock > Set to 30 seconds
🧯 If You Can't Patch
- Disable Assistive Access feature in device settings
- Implement strict physical security controls for devices and enable strong passcodes
🔍 How to Verify
Check if Vulnerable:
Check if device has Assistive Access enabled (Settings > Accessibility > Assistive Access) and is running iOS/iPadOS version below 18Check Version:
Settings > General > About > Software VersionVerify Fix Applied:
Verify iOS/iPadOS version is 18 or later in Settings > General > About > Software Version📡 Detection & Monitoring
Log Indicators:
- Unusual Assistive Access activation patterns
- Multiple failed unlock attempts followed by Assistive Access usage
Network Indicators:
- None - this is a local physical access vulnerability
SIEM Query:
Not applicable - physical access attack leaves minimal digital traces