CVE-2024-44191: 
Xcode vulnerability analysis and mitigation

CVE-2024-44191 is a security vulnerability affecting multiple Apple operating systems including iOS 17.7, iPadOS 17.7, Xcode 16, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18, iPadOS 18, and tvOS 18. The vulnerability was discovered by Alexander Heinrich, SEEMOO, DistriNet, KU Leuven (@vanhoefm), TU Darmstadt (@Sn0wfreeze) and Mathy Vanhoef, and was disclosed on September 16, 2024. The issue allows an app to gain unauthorized access to Bluetooth functionality (Apple Security).

The vulnerability exists in the Kernel component of affected Apple operating systems and was addressed through improved state management. The issue has been assigned a CVSS v3.1 base score of 5.5 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N, indicating local access is required, low attack complexity, low privileges required, no user interaction needed, and potential for high impact on integrity (NVD).

When exploited, this vulnerability allows a malicious application to gain unauthorized access to Bluetooth functionality, potentially compromising the system's security boundaries and enabling unauthorized control over Bluetooth operations (Apple Security).

Apple has addressed this vulnerability by implementing improved state management in the affected systems. Users are advised to update to iOS 17.7 and iPadOS 17.7, Xcode 16, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, or tvOS 18, depending on their device (Apple Security).