CVE-2024-44286

High

Published: 02 April 2026

Published

02 April 2026

Modified

03 April 2026

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Score 0.0009 25.4th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-44286 is a high-severity Authentication Bypass Using an Alternate Path or Channel (CWE-288) vulnerability in Apple Macos. Its CVSS base score is 7.5 (High).

Operationally, ranked at the 25.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-11 (Device Lock) and PE-3 (Physical Access Control).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

AC-11 Device Lock good match

prevent

AC-11 enforces device lock policies that prevent unauthorized keyboard input to running applications on physically locked macOS devices.

PE-3 Physical Access Control good match

prevent

PE-3 controls and monitors physical access to the device, blocking attackers from exploiting the vulnerability that requires physical proximity.

PE-6 Monitoring Physical Access partial match

detect

PE-6 monitors physical access to detect unauthorized physical interactions with locked devices that could enable keyboard event injection.

NVD Description

This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.1. An attacker with physical access can input keyboard events to apps running on a locked device.

Deeper analysisAI

CVE-2024-44286 is a state management vulnerability affecting macOS prior to Sequoia 15.1. It allows an attacker with physical access to a locked device to input keyboard events to applications that are running. The issue is classified under CWE-288 and has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating high confidentiality impact.

An attacker requires physical access to the targeted device to exploit this vulnerability. By doing so, they can send keyboard events to apps on a locked macOS device, potentially enabling unauthorized interactions with running applications and access to sensitive data.

Apple addressed this issue through improved state management, with the fix included in macOS Sequoia 15.1. Additional details are available in Apple's security advisory at https://support.apple.com/en-us/121564.

Details

CWE(s): CWE-288

Affected Products

apple

macos

≤ 15.1

CVEs Like This One

CVE-2025-30452Same product: Apple Macos

CVE-2025-43219Same product: Apple Macos

CVE-2025-43189Same product: Apple Macos

CVE-2025-24267Same product: Apple Macos

CVE-2025-24245Same product: Apple Macos

CVE-2026-28817Same product: Apple Macos

CVE-2025-24109Same product: Apple Macos

CVE-2025-24277Same product: Apple Macos

CVE-2025-24241Same product: Apple Macos

CVE-2025-24259Same product: Apple Macos

References

https://support.apple.com/en-us/121564
Release Notes, Vendor Advisory · product-security@apple.com