CVE-2024-44245
📋 TL;DR
This vulnerability allows a malicious app to cause system crashes or corrupt kernel memory on Apple devices. It affects users running vulnerable versions of iOS, iPadOS, macOS, and visionOS. The issue stems from improper memory handling that can be exploited by local applications.
💻 Affected Systems
- iOS
- iPadOS
- macOS
- visionOS
📦 What is this software?
Ipados by Apple
Ipados by Apple
Macos by Apple
macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...
Learn more about Macos →Macos by Apple
macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...
Learn more about Macos →⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise leading to kernel-level code execution, persistent malware installation, or data corruption.
Likely Case
Application-induced system crashes (kernel panics) resulting in denial of service and potential data loss.
If Mitigated
Limited to application sandbox escape attempts that are blocked by security controls.
🎯 Exploit Status
Exploitation requires local application access. No public exploit code available at disclosure.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: iOS 18.2, iPadOS 17.7.3/18.2, macOS Sequoia 15.2, macOS Sonoma 14.7.2, visionOS 2.2
Vendor Advisory: https://support.apple.com/en-us/121837
Restart Required: Yes
Instructions:
1. Open Settings app. 2. Go to General > Software Update. 3. Download and install the latest available update. 4. Restart device when prompted.
🔧 Temporary Workarounds
Application Restriction
allLimit installation to trusted applications from official App Store only
MDM Application Control
allUse Mobile Device Management to restrict application installation and execution
🧯 If You Can't Patch
- Implement strict application allowlisting policies
- Isolate vulnerable devices from critical network segments
🔍 How to Verify
Check if Vulnerable:
Check Settings > General > About > Version. If version is earlier than patched versions listed, device is vulnerable.Check Version:
Settings > General > About > Version (iOS/iPadOS/visionOS) or About This Mac > macOS Version (macOS)Verify Fix Applied:
Confirm version matches or exceeds patched versions: iOS 18.2+, iPadOS 17.7.3+/18.2+, macOS Sequoia 15.2+, macOS Sonoma 14.7.2+, visionOS 2.2+📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs
- Unexpected system restarts
- Application crash reports with memory corruption indicators
Network Indicators:
- Unusual outbound connections from Apple devices post-crash
SIEM Query:
source="apple_system_logs" AND ("kernel panic" OR "memory corruption" OR "unexpected termination")🔗 References
- https://support.apple.com/en-us/121837
- https://support.apple.com/en-us/121838
- https://support.apple.com/en-us/121839
- https://support.apple.com/en-us/121840
- https://support.apple.com/en-us/121845
- http://seclists.org/fulldisclosure/2024/Dec/12
- http://seclists.org/fulldisclosure/2024/Dec/6
- http://seclists.org/fulldisclosure/2024/Dec/7
- http://seclists.org/fulldisclosure/2024/Dec/8
