Cyber Resilience

CVE-2024-44238

High

Published: 16 January 2026

Published
16 January 2026
Modified
02 April 2026
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0001 0.9th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-44238 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Apple Ipados. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 0.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2024-44238 is a memory corruption vulnerability stemming from insufficient bounds checks (CWE-119), affecting Apple's iOS prior to version 18.1, iPadOS prior to 18.1, and macOS Sequoia prior to 15.1. The flaw allows an app to corrupt coprocessor memory, earning a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). It was publicly disclosed on January 16, 2026.

A local attacker with low privileges, such as a malicious app installed on the device, can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation enables corruption of coprocessor memory, potentially leading to high-impact confidentiality, integrity, and availability violations on the affected system.

Apple's security advisories detail the fix through improved bounds checks, recommending updates to iOS 18.1, iPadOS 18.1, or macOS Sequoia 15.1. Further details are available in the release notes at https://support.apple.com/en-us/121563 and https://support.apple.com/en-us/121564.

EU & UK References

Vulnerability details

The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1. An app may be able to corrupt coprocessor memory.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local memory corruption (CWE-119) in Apple OS coprocessor allows malicious app to escalate privileges via insufficient bounds checks.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-20700Same product: Apple Ipados
CVE-2026-28858Same product: Apple Ipados
CVE-2025-30456Same product: Apple Ipados
CVE-2026-28951Same product: Apple Ipados
CVE-2026-28941Same product: Apple Ipados
CVE-2026-20698Same product: Apple Ipados
CVE-2026-20677Same product: Apple Ipados
CVE-2026-28965Same product: Apple Ipados
CVE-2025-46311Same product: Apple Ipados
CVE-2025-31229Same product: Apple Ipados

Affected Assets

apple
ipados
≤ 18.1
apple
iphone os
≤ 18.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Implements controls to protect system memory from unauthorized modification, directly mitigating app-induced coprocessor memory corruption.

prevent

Enforces validation of information inputs including bounds checks, preventing the insufficient bounds checking (CWE-119) that enables memory corruption.

prevent

Requires timely flaw remediation through patching, as demonstrated by Apple's improved bounds checks in iOS 18.1, iPadOS 18.1, and macOS Sequoia 15.1.

References