CVE-2024-44145

6.1 MEDIUM

📋 TL;DR

This vulnerability allows an attacker with physical access to a Mac that has Sidecar enabled to bypass the macOS Lock Screen. Apple fixed it in macOS Sequoia 15, iOS 18 and iPadOS 18; earlier releases are affected. It is not exploitable remotely: the attacker has to be at the device.

💻 Affected Systems

Products:
  • macOS
  • iOS
  • iPadOS
Versions: Versions before macOS Sequoia 15, iOS 18, and iPadOS 18
Operating Systems: macOS, iOS, iPadOS
Default Config Vulnerable: ✅ No
Notes: Only exploitable when Sidecar is enabled on the Mac. Sidecar is off by default on macOS; it is turned on when a user connects an iPad to the Mac as a display.

📦 What is this software?

macOS by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...


⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker with physical access bypasses the Lock Screen and lands in the logged-in user's session, with access to that user's data, the ability to install malware, and any accounts or sessions left open on the Mac.

🟠

Likely Case

An attacker with brief physical access to an unattended, locked Mac that has Sidecar enabled bypasses the Lock Screen and reads or copies the device's contents. If Sidecar is not enabled on the target Mac, the attack does not apply.

🟢

If Mitigated

With the update applied, or with ordinary physical security controls (Macs not left unattended in shared spaces, Sidecar disconnected when not in use), the residual risk is low, because exploitation requires hands on the device.

🌐 Internet-Facing: LOW - This vulnerability requires physical access to the device and cannot be exploited remotely.
🏢 Internal Only: MEDIUM - Unattended corporate Macs with Sidecar enabled (open-plan desks, meeting rooms, shared labs) can be unlocked by anyone who can reach them, leading to data exposure.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ Yes (no credentials are needed; physical access is)
Complexity: LOW

Exploitation requires physical access to the Mac and Sidecar to be enabled on it. No credentials are needed: the flaw is the Lock Screen (authentication) bypass itself.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: macOS Sequoia 15, iOS 18, iPadOS 18

Vendor Advisory: https://support.apple.com/en-us/121238

Restart Required: Yes

Instructions:

1. Update macOS to Sequoia 15 or later via System Settings > General > Software Update.
2. Update paired iPads (and iPhones) to iOS/iPadOS 18 or later via Settings > General > Software Update.
3. Restart the device after installation.

🔧 Temporary Workarounds

Disconnect Sidecar

macOS

Keep Sidecar disconnected on any Mac that has not yet received macOS Sequoia 15; the bypass only applies while Sidecar is enabled.

On macOS: the checkbox at System Settings > Displays > Advanced > 'Allow your cursor and keyboard to move between any nearby Mac or iPad' controls Universal Control, not Sidecar, so unchecking it does not end a Sidecar session. Sidecar has no single on/off switch: a session is started from Control Center > Screen Mirroring (or the '+' menu in System Settings > Displays) and ends when the iPad is disconnected from the same place. Disconnect any iPad listed there before leaving an unpatched Mac locked and unattended. Wireless Sidecar also requires Handoff to be on, so turning off System Settings > General > AirDrop & Handoff > 'Allow Handoff between this Mac and your iCloud devices' prevents wireless sessions; a USB-connected iPad does not depend on that setting.

🧯 If You Can't Patch

  • Keep Sidecar disconnected on all unpatched Macs (see the workaround above)
  • Implement strict physical security controls and device locking policies

🔍 How to Verify

Check if Vulnerable:

Check the macOS version first (below): a Mac on any release before Sequoia 15 is exposed whenever Sidecar is enabled. The Universal Control checkbox under System Settings > Displays > Advanced is not a Sidecar indicator. Whether Sidecar is connected is visible in Control Center > Screen Mirroring and in System Settings > Displays, where a connected iPad is listed as a display.

Check Version:

  • macOS: sw_vers -productVersion
  • iOS/iPadOS: Settings > General > About > Version

Verify Fix Applied:

Verify that macOS reports 15.0 or later and that paired iPads report iPadOS 18 or later. Keep Sidecar disconnected when it is not needed, even on patched hosts.

📡 Detection & Monitoring

Log Indicators:

  • Sidecar session starts recorded in the macOS unified log (log show) at times when the Mac's screen was locked
  • Failed Lock Screen unlock attempts followed shortly by a Sidecar connection and an active user session

Network Indicators:

  • Unexpected Sidecar traffic from locked devices. Wireless Sidecar runs largely peer-to-peer between the Mac and iPad over Wi-Fi and Bluetooth, so it may never cross a monitored network segment; host-side logs are the more reliable source.

SIEM Query:

Correlate Sidecar session-start events collected from macOS endpoints with screen-lock state, and alert on a Sidecar connection established while the Mac was locked, or on Sidecar activity outside business hours on hosts still below macOS 15.
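The two checks above ("How to Verify" and "Detection & Monitoring") are easy to get wrong by hand, so here is an added shell helper that does both. This is example code written for this page, not Apple's code and not part of the advisory. It assumes `sw_vers` and `log` exist (true on macOS; the live parts are skipped elsewhere so the version logic can run on any POSIX shell), and the unified-log predicate terms ("sidecar", "screenIsLocked", "screenIsUnlocked") are assumptions to confirm on a test Mac before building alerts on them.

```shell
#!/bin/sh
# Added example for this advisory; not Apple's code and not from the page.
# Two triage helpers for CVE-2024-44145 on a macOS fleet:
#   1. macos_version_vulnerable: decide from a version string whether the
#      host predates the Sequoia 15 fix (pure string logic, runs anywhere).
#   2. sidecar_log_predicate / check_host: pull Sidecar and screen-lock
#      lines from the unified log so a Sidecar connection can be matched
#      against the Mac having been locked at the time.
# Assumptions (confirm on a test Mac before trusting alerts on them):
#   - `sw_vers` and `log` are present; live checks are skipped where they
#     are not, so this file also runs on a non-Mac CI box.
#   - The predicate terms "sidecar", "screenIsLocked" and
#     "screenIsUnlocked" match the relevant unified-log entries.

FIXED_MAJOR=15   # first fixed release per the vendor advisory is macOS 15

# macos_version_vulnerable VERSION
#   0 -> VERSION (e.g. "14.7.1") is older than macOS 15: unpatched
#   1 -> VERSION is 15.x or newer: fixed
#   2 -> VERSION is not a dotted numeric string
macos_version_vulnerable() {
    mvv_major=$(printf '%s' "$1" | cut -d. -f1)
    case "$mvv_major" in
        ''|*[!0-9]*) return 2 ;;
    esac
    if [ "$mvv_major" -lt "$FIXED_MAJOR" ]; then
        return 0
    fi
    return 1
}

# sidecar_log_predicate
#   Print the NSPredicate handed to `log show`. Sidecar terms are matched
#   case-insensitively against process, subsystem and message; the
#   screen-lock terms let an analyst line a Sidecar event up with the
#   lock state at that moment. All terms are assumptions (see above).
sidecar_log_predicate() {
    printf '%s' '(process CONTAINS[c] "sidecar" OR subsystem CONTAINS[c] "sidecar" OR eventMessage CONTAINS[c] "sidecar") OR eventMessage CONTAINS "screenIsLocked" OR eventMessage CONTAINS "screenIsUnlocked"'
}

# check_host [HOURS]
#   Report the patch state of this Mac and dump the last HOURS (default
#   24) of Sidecar/lock log lines. Returns 3 when not running on macOS.
check_host() {
    if ! command -v sw_vers >/dev/null 2>&1 || ! command -v log >/dev/null 2>&1; then
        echo "not a macOS host; skipping live checks" >&2
        return 3
    fi
    ch_ver=$(sw_vers -productVersion)
    if macos_version_vulnerable "$ch_ver"; then
        echo "macOS $ch_ver predates the Sequoia 15 fix: EXPOSED whenever Sidecar is connected"
    else
        echo "macOS $ch_ver: fixed release (keep Sidecar disconnected when not needed)"
    fi
    log show --last "${1:-24}h" --style syslog --predicate "$(sidecar_log_predicate)"
}

# Run the live checks only where the macOS tools exist.
if command -v sw_vers >/dev/null 2>&1; then
    check_host "${1:-24}"
fi
```

Run it on the Mac itself (`sudo sh check.sh 48` for the last 48 hours; sudo gives the fullest view of the unified log). The version check compares only the major release, which is all the advisory distinguishes (anything below 15 is unpatched); the log dump is meant to be read alongside the lock-state lines, not alerted on blindly, until the predicate terms have been confirmed against a known Sidecar session.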
