Cyber Resilience

CVE-2024-44227

High

Published: 10 March 2025

Published
10 March 2025
Modified
14 March 2025
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score 0.0032 55.1th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-44227 is a high-severity Uncontrolled Resource Consumption (CWE-400) vulnerability in Apple Ipados. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 44.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-39 (Process Isolation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2024-44227 is a memory handling vulnerability that allows an app to cause unexpected system termination or corrupt kernel memory. The issue, associated with CWE-400 (Uncontrolled Resource Consumption), affects iOS and iPadOS versions prior to 18, as well as macOS versions prior to Sequoia 15. Apple addressed the vulnerability through improved memory handling, as detailed in their security updates.

The vulnerability has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N), indicating it is exploitable over a network with low complexity, requiring no privileges or user interaction, and unchanged scope. A remote attacker can leverage a malicious app to achieve high integrity impact, such as kernel memory corruption, potentially leading to system crashes or other disruptions without confidentiality loss or availability impact beyond termination.

Apple's security advisories confirm the fix in iOS 18, iPadOS 18, and macOS Sequoia 15, recommending users update to these versions for mitigation. Additional details are available in the release notes at https://support.apple.com/en-us/121238 and https://support.apple.com/en-us/121250.

EU & UK References

Vulnerability details

The issue was addressed with improved memory handling. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to cause unexpected system termination or corrupt kernel memory.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Kernel memory corruption vulnerability directly enables T1068 for potential privilege escalation and T1499.004 for system/application exploitation leading to termination or disruption.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-28874Same product: Apple Ipados
CVE-2026-28872Same product: Apple Ipados
CVE-2026-20652Same product: Apple Ipados
CVE-2026-28951Same product: Apple Ipados
CVE-2026-20650Same product: Apple Ipados
CVE-2026-28952Same product: Apple Ipados
CVE-2026-43656Same product: Apple Ipados
CVE-2026-28894Same product: Apple Ipados
CVE-2025-30456Same product: Apple Ipados
CVE-2025-24177Same product: Apple Ipados

Affected Assets

apple
ipados
≤ 18.0
apple
iphone os
≤ 18.0
apple
macos
≤ 15.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly implements safeguards to protect kernel memory from unauthorized corruption by malicious apps exploiting memory handling flaws.

prevent

Enforces process isolation to prevent untrusted apps from accessing or modifying kernel memory.

prevent

Requires timely remediation of memory handling vulnerabilities through patching, as demonstrated by Apple's fix in updated OS versions.

References