{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-44286", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2024-08-20T21:45:40.796Z", "datePublished": "2026-04-02T18:13:22.295Z", "dateUpdated": "2026-04-02T19:57:15.594Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "An attacker with physical access can input keyboard events to apps running on a locked device"}]}], "affected": [{"vendor": "Apple", "product": "macOS", "versions": [{"version": "0", "status": "affected", "lessThan": "15.1", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.1. An attacker with physical access can input keyboard events to apps running on a locked device."}], "references": [{"url": "https://support.apple.com/en-us/121564"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-04-02T18:13:22.295Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-288", "lang": "en", "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-02T19:56:48.773840Z", "id": "CVE-2024-44286", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T19:57:15.594Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-44286", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-02T19:56:48.773840Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-288", "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T19:56:00.487Z"}}], "cna": {"affected": [{"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "0", "lessThan": "15.1", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/121564"}], "descriptions": [{"lang": "en", "value": "This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.1. An attacker with physical access can input keyboard events to apps running on a locked device."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "An attacker with physical access can input keyboard events to apps running on a locked device"}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-04-02T18:13:22.295Z"}}}, "cveMetadata": {"cveId": "CVE-2024-44286", "state": "PUBLISHED", "dateUpdated": "2026-04-02T19:57:15.594Z", "dateReserved": "2024-08-20T21:45:40.796Z", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2026-04-02T18:13:22.295Z", "assignerShortName": "apple"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D298E1D-DD23-4D35-9DE4-E3F5999F97AA", "versionEndExcluding": "15.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.1. An attacker with physical access can input keyboard events to apps running on a locked device."}], "id": "CVE-2024-44286", "lastModified": "2026-04-03T17:53:53.080", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-02T19:18:36.140", "references": [{"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/121564"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-288"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,15.1)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "macOS", "source": "cna", "vendor": "Apple"}, "product": "macos", "vendor": "apple"}], "analysis": {"en": {"generated_at": "2026-04-03T20:22:51.218763+00:00", "value": {"mitigation_remediation": ["Install macOS Sequoia 15.1 or later to apply the patch that stops keyboard injection on locked devices. ", "Keep the device in a physically secure location to reduce the chance of someone gaining physical access. ", "Ensure the screen lock is enabled at all times, and consider logging out or locking the system immediately after use to limit available input windows."], "summary": {"action": "Immediate Patch", "impact": "Local keyboard event injection on a locked device"}, "threat_synthesis": {"affected_systems": "Apple macOS versions prior to Sequoia 15.1 are affected, including Sequoia 15.0 and earlier. The fix was incorporated in macOS Sequoia 15.1, so all releases before that are vulnerable.", "description_and_impact": "An attacker with physical access can inject arbitrary keyboard events into any applications running on a macOS device that is locked, potentially enabling the attacker to execute unintended commands, capture sensitive input, or otherwise disrupt user activity. The vulnerability stems from insufficient state management in input handling and is classified as CWE-288, indicating a failure in authentication or message integrity.", "risk_and_exploitability": "The CVSS score of 7.5 indicates high severity, but the EPSS score of under 1% suggests a low likelihood of public exploitation. The vulnerability is not listed in the CISA KEV catalog, and it requires physical presence on the device to perform the attack. If exploited, the attacker can manipulate any running application while the device is locked, potentially leading to data exposure or unauthorized control."}}}}, "created": "2026-04-03T07:31:57.399552+00:00", "updated": "2026-04-03T21:17:14.205714+00:00", "vendors": ["apple", "apple$PRODUCT$macos"]}