Cyber Resilience

CVE-2024-44207

Medium

Published: 04 October 2024

Modified: 03 November 2025
KEV Added:
Patch:
CVSS Score v3.1: 4.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)
EPSS Score: 0.0752 (92.0th percentile)
Risk Priority: 13 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-44207 is a medium-severity vulnerability in Apple iPadOS with an unspecified weakness type. Its CVSS base score is 4.3 (Medium).

Operationally, it ranks in the top 8.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

CVE-2024-44207 is a vulnerability in the Messages application on Apple's mobile platforms, where an incoming audio message could capture several seconds of audio from the device microphone before the microphone indicator activates. The flaw was caused by inadequate validation checks and is fixed in iOS 18.0.1 and iPadOS 18.0.1. It carries a CVSS 4.3 score reflecting network attack vector, low complexity, and limited confidentiality impact.

An unauthenticated remote attacker can trigger the issue by sending a crafted audio message that the recipient opens or plays, resulting in brief unauthorized audio capture without immediate user notification. The attack requires user interaction and does not allow further system compromise or data modification.

Apple's security update for iOS 18.0.1 and iPadOS 18.0.1 resolves the problem through improved checks, as described in the vendor advisory at support.apple.com/en-us/121373. The corresponding disclosure appears on seclists.org.

The associated EPSS score remains low and essentially flat, indicating no significant post-disclosure exploitation interest.

Vulnerability details

This issue was addressed with improved checks. This issue is fixed in iOS 18.0.1 and iPadOS 18.0.1. Audio messages in Messages may be able to capture a few seconds of audio before the microphone indicator is activated.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

apple ipados ≤ 18.0.1
apple iphone os ≤ 18.0.1

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.