CVE-2024-44286

Description

This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.1. An attacker with physical access can input keyboard events to apps running on a locked device.

CVSS Details

CVSS Score

7.5

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* - VULNERABLE

macOS Sequoia < 15.1

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# This is a conceptual Proof of Concept (PoC) for CVE-2024-44286.
# It demonstrates the mechanism of injecting keyboard events into a locked macOS session.
# Note: Actual exploitation requires physical access and specific hardware interaction.

import time

# Simulate the vulnerability scenario
def exploit_cve_2024_44286():
    print("[+] Starting PoC for CVE-2024-44286...")
    print("[!] Prerequisite: Physical access to the target macOS device.")
    
    # Attacker connects a keyboard to the locked device
    print("[1] Physical keyboard connected.")
    
    # Wait for the device to be in a locked state but vulnerable to input injection
    time.sleep(2)
    
    # Simulate sending keyboard events (e.g., Spotlight search injection)
    # In a real exploit, this might use CGEvent or HID APIs
    simulated_input = "cmd+space"
    print(f"[2] Sending keyboard event sequence: {simulated_input}")
    
    # The system processes the event despite being locked due to state management flaw
    print("[3] Event injected into background application session.")
    print("[+] Exploit successful. Interaction with locked app achieved.")

if __name__ == "__main__":
    exploit_cve_2024_44286()

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2024-44286
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2024-44286
[3] CVE Details https://www.cvedetails.com/cve/CVE-2024-44286/
[4] VulDB https://vuldb.com/cve/CVE-2024-44286
[5] https://support.apple.com/en-us/121564

Raw JSON Data

JSON

{"cve": {"id": "CVE-2024-44286", "sourceIdentifier": "[email protected]", "published": "2026-04-02T19:18:36.140", "lastModified": "2026-04-03T17:53:53.080", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.1. An attacker with physical access can input keyboard events to apps running on a locked device."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-288"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "versionEndExcluding": "15.1", "matchCriteriaId": "1D298E1D-DD23-4D35-9DE4-E3F5999F97AA"}]}]}], "references": [{"url": "https://support.apple.com/en-us/121564", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}]}}