CVE-2024-44124 is a vulnerability in Apple’s iOS and iPadOS Bluetooth input device handling that allows a malicious device to bypass the standard pairing process. Normally, Bluetooth input devices such as keyboards or mice require pairing with user interaction to establish a trusted connection. However, due to improper state management in the Bluetooth stack, a specially crafted malicious Bluetooth input device can connect to an iOS or iPadOS device without undergoing the pairing process. This bypass means the attacker can inject input commands remotely without user consent or authentication, potentially leading to unauthorized control or manipulation of the device. The vulnerability does not expose data confidentiality or cause denial of service but compromises device integrity by allowing unauthorized input. The issue was discovered and addressed by Apple in iOS 18 and iPadOS 18 through improved state management to enforce proper pairing requirements. The CVSS v3.1 score is 6.5 (medium severity), reflecting the lack of confidentiality impact but significant integrity impact, low attack complexity, no privileges required, and no user interaction needed. Exploitation requires proximity due to Bluetooth’s limited range. No known exploits have been reported in the wild as of the publication date. This vulnerability primarily affects all versions of iOS and iPadOS prior to version 18.

The primary impact of CVE-2024-44124 is on the integrity of affected iOS and iPadOS devices. An attacker with a malicious Bluetooth input device can bypass pairing and inject unauthorized input commands, potentially executing arbitrary actions on the device. This could lead to unauthorized configuration changes, data manipulation, or execution of commands without user consent. Although confidentiality and availability are not directly affected, the integrity compromise can facilitate further attacks such as social engineering, phishing, or unauthorized access to sensitive applications. Organizations relying heavily on Apple mobile devices, especially in sensitive environments, face risks of device manipulation and potential data compromise. The attack requires physical proximity, limiting remote exploitation but still posing a significant threat in public or shared spaces. The lack of known exploits in the wild reduces immediate risk but does not eliminate the threat, especially as attackers may develop exploits following disclosure. Failure to update devices leaves them vulnerable to unauthorized control via Bluetooth input spoofing.

To mitigate CVE-2024-44124, organizations and users should promptly update all iOS and iPadOS devices to version 18 or later, where the vulnerability is fixed. Beyond patching, organizations should enforce strict Bluetooth usage policies, including disabling Bluetooth when not in use and restricting device discoverability. Implement device management solutions to monitor and control Bluetooth connections and detect unauthorized devices. Educate users about the risks of connecting to unknown Bluetooth devices and encourage vigilance in public or shared environments. For high-security environments, consider disabling Bluetooth input device support entirely or using additional endpoint security controls to detect anomalous input behavior. Regularly audit device configurations and Bluetooth logs for suspicious activity. Finally, coordinate with Apple support and security advisories to stay informed about any emerging threats or additional patches related to Bluetooth vulnerabilities.