PT-2024-31084 · Apple · Ipados+3

Christian Mina

Published

2024-10-28

Updated

2025-10-03

CVE-2024-44258

CVSS v3.1

7.1

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions iOS versions prior to 18.1 iPadOS versions prior to 18.1 iOS versions prior to 17.7.1 iPadOS versions prior to 17.7.1 visionOS versions prior to 2.1 tvOS versions prior to 18.1

Description This issue was addressed with improved handling of symlinks. Restoring a maliciously crafted backup file may lead to modification of protected system files, potentially exposing users to privilege escalation attacks.

Recommendations For iOS versions prior to 18.1, update to iOS 18.1 or later. For iPadOS versions prior to 18.1, update to iPadOS 18.1 or later. For iOS versions prior to 17.7.1, update to iOS 17.7.1 or later. For iPadOS versions prior to 17.7.1, update to iPadOS 17.7.1 or later. For visionOS versions prior to 2.1, update to visionOS 2.1 or later. For tvOS versions prior to 18.1, update to tvOS 18.1 or later.

Exploit

Fix

Link Following

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-59

Related Identifiers

CVE-2024-44258

Affected Products

Ios

Ipados

Tvos

Visionos

PT-2024-31084 · Apple · Ipados+3

CVE-2024-44258

Weakness Enumeration

Related Identifiers

Affected Products

References · 28