CVE-2024-44286
Physical Keyboard Input Vulnerability on Locked macOS Sequoia Devices
Publication date: 2026-04-02
Last updated on: 2026-04-03
Assigner: Apple Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apple | macos | to 15.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-288 | The product requires authentication, but the product has an alternate path or channel that does not require authentication. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability allows an attacker with physical access to a locked macOS Sequoia device to input keyboard events to applications running on the device. The issue was related to improper state management and has been fixed in macOS Sequoia 15.1.
How can this vulnerability impact me? :
An attacker with physical access to a locked device could potentially interact with applications by sending keyboard inputs, which might lead to unauthorized actions or data exposure on the device.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update your device to macOS Sequoia 15.1 or later, where the issue has been fixed through improved state management.
Additionally, restrict physical access to your device to prevent attackers from inputting keyboard events on a locked device.