Cyber Posture

CVE-2024-44136

Medium

Published: 15 January 2025

Modified: 22 March 2025
KEV Added
Patch
CVSS Score: 4.6 (CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
EPSS Score: 0.0030 (53.5th percentile)
Risk Priority: 9 (60% EPSS · 20% KEV · 20% CVSS)

Description

This issue was addressed through improved state management. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access to a device may be able to disable Stolen Device Protection.

Security Summary

CVE-2024-44136 is a vulnerability affecting the Stolen Device Protection feature in iOS and iPadOS versions prior to 17.5. The issue arises from improper state management, which lets an attacker with physical access to a device disable this security mechanism. It was addressed in iOS 17.5 and iPadOS 17.5 through improved state handling. The CVSS v3.1 base score is 4.6 (AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N), and the associated CWEs are NVD-CWE-noinfo and CWE-863.

Exploitation requires physical access to the target device. Attack complexity is low, no privileges or user interaction are needed, and the scope is unchanged. A successful attacker can disable Stolen Device Protection, a high integrity impact because it bypasses safeguards designed to protect data and functionality on stolen devices.

Apple's security advisory at https://support.apple.com/en-us/120905 confirms the issue was resolved via enhanced state management in iOS 17.5 and iPadOS 17.5, recommending that users update affected devices to mitigate the vulnerability.

Details

CWE(s)
NVD-CWE-noinfo, CWE-863

Affected Products

apple · ipados · ≤ 17.5
apple · iphone os · ≤ 17.5
