Cyber Resilience

CVE-2024-44136

Medium

Published: 15 January 2025

Published
15 January 2025
Modified
22 March 2025
KEV Added
Patch
CVSS Score v3.1 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score 0.0042 34.0th percentile
Risk Priority 35 floored blend · peak EPSS

Summary

CVE-2024-44136 is a medium-severity Incorrect Authorization (CWE-863) vulnerability in Apple Ipados. Its CVSS base score is 4.6 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Disable or Modify Tools (T1685); ranked at the 34.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-11 (Device Lock) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-44136 is a vulnerability affecting the Stolen Device Protection feature in iOS and iPadOS versions prior to 17.5. The issue arises from improper state management, enabling an attacker with physical access to a device to disable this security mechanism. It has been addressed in iOS 17.5 and iPadOS 17.5 through improvements in state handling, with a CVSS v3.1 base score of 4.6 (AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) and associated CWEs including NVD-CWE-noinfo and CWE-863.

An attacker requires physical access to the target device to exploit this vulnerability, which has low attack complexity and demands no privileges, user interaction, or elevated scope. Exploitation allows the attacker to disable Stolen Device Protection, achieving high integrity impact by bypassing safeguards designed to protect data and functionality on stolen devices.

Apple's security advisory at https://support.apple.com/en-us/120905 confirms the issue was resolved via enhanced state management in iOS 17.5 and iPadOS 17.5, recommending that users update affected devices to mitigate the vulnerability.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

This issue was addressed through improved state management. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access to a device may be able to disable Stolen Device Protection.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1685 Disable or Modify Tools Defense Impairment
Adversaries may disable, degrade, or tamper with security tools or applications (e.
Why these techniques?

Vulnerability directly allows disabling Stolen Device Protection security feature via physical access and state management flaw, mapping to impairing defenses.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-24200Same product: Apple Ipados
CVE-2025-24221Same product: Apple Ipados
CVE-2026-28951Same product: Apple Ipados
CVE-2024-54512Same product: Apple Ipados
CVE-2026-28965Same product: Apple Ipados
CVE-2026-28874Same product: Apple Ipados
CVE-2026-28858Same product: Apple Ipados
CVE-2025-46311Same product: Apple Ipados
CVE-2025-31229Same product: Apple Ipados
CVE-2024-44276Same product: Apple Ipados

Affected Assets

apple
ipados
≤ 17.5
apple
iphone os
≤ 17.5

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Timely flaw remediation directly addresses the improper state management vulnerability by applying patches to iOS 17.5 and iPadOS 17.5, preventing attackers from disabling Stolen Device Protection.

prevent

Device lock after inactivity prevents unauthorized physical access to the device, blocking exploitation attempts to disable Stolen Device Protection.

prevent

Access control for mobile devices enforces usage restrictions and connection requirements, mitigating physical access risks to stolen iOS/iPadOS devices.

References