CVE-2024-44191
📋 TL;DR
This vulnerability allows an app to gain unauthorized access to Bluetooth functionality on Apple devices. It affects iOS, iPadOS, Xcode, visionOS, watchOS, macOS, and tvOS. The issue was addressed through improved state management in Apple's software.
💻 Affected Systems
- iOS
- iPadOS
- Xcode
- visionOS
- watchOS
- macOS
- tvOS
📦 What is this software?
Ipados by Apple
Macos by Apple
macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...
Learn more about Macos →Tvos by Apple
Watchos by Apple
Xcode by Apple
⚠️ Risk & Real-World Impact
Worst Case
Malicious app could access Bluetooth data or services without user consent, potentially intercepting communications, tracking devices, or exploiting Bluetooth-related features.
Likely Case
App could access Bluetooth capabilities beyond its intended permissions, potentially collecting device information or interacting with Bluetooth peripherals.
If Mitigated
With proper app review and user permission controls, impact is limited to apps that have already been installed and granted some level of access.
🎯 Exploit Status
Exploitation requires a malicious app to be installed on the target device. No public exploit code has been identified.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: iOS 17.7, iPadOS 17.7, Xcode 16, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18, iPadOS 18, tvOS 18
Vendor Advisory: https://support.apple.com/en-us/121238
Restart Required: Yes
Instructions:
1. Go to Settings > General > Software Update on iOS/iPadOS/tvOS/watchOS/visionOS. 2. Install available updates. 3. For macOS, go to System Settings > General > Software Update. 4. For Xcode, update via Mac App Store or developer.apple.com.
🔧 Temporary Workarounds
Disable Bluetooth when not needed
allTurn off Bluetooth to prevent any unauthorized access attempts
Restrict app installations
allOnly install apps from trusted sources and review app permissions carefully
🧯 If You Can't Patch
- Implement mobile device management (MDM) to control app installations
- Monitor for unusual Bluetooth activity or unexpected app behavior
🔍 How to Verify
Check if Vulnerable:
Check device version in Settings > General > About > Software Version (iOS/iPadOS) or System Settings > General > About (macOS)Check Version:
sw_vers (macOS), uname -a (general), or check Settings/System SettingsVerify Fix Applied:
Verify device is running iOS 17.7+, iPadOS 17.7+, macOS Sequoia 15+, watchOS 11+, tvOS 18+, visionOS 2+, or Xcode 16+📡 Detection & Monitoring
Log Indicators:
- Unexpected Bluetooth service access in system logs
- Apps requesting Bluetooth permissions unexpectedly
Network Indicators:
- Unusual Bluetooth pairing attempts
- Bluetooth traffic from untrusted apps
SIEM Query:
Search for Bluetooth permission events from non-standard apps or outside normal usage patterns🔗 References
- https://support.apple.com/en-us/121238
- https://support.apple.com/en-us/121239
- https://support.apple.com/en-us/121240
- https://support.apple.com/en-us/121246
- https://support.apple.com/en-us/121248
- https://support.apple.com/en-us/121249
- https://support.apple.com/en-us/121250
- http://seclists.org/fulldisclosure/2024/Sep/32
- http://seclists.org/fulldisclosure/2024/Sep/33
- http://seclists.org/fulldisclosure/2024/Sep/36
- http://seclists.org/fulldisclosure/2024/Sep/39
