Description
This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.1. An attacker with physical access can input keyboard events to apps running on a locked device.
Published: 2026-04-02
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Local keyboard event injection on a locked device
Action: Immediate Patch
AI Analysis

Impact

An attacker with physical access can inject arbitrary keyboard events into any applications running on a macOS device that is locked, potentially enabling the attacker to execute unintended commands, capture sensitive input, or otherwise disrupt user activity. The vulnerability stems from insufficient state management in input handling and is classified as CWE-288, indicating a failure in authentication or message integrity.

Affected Systems

Apple macOS versions prior to Sequoia 15.1 are affected, including Sequoia 15.0 and earlier. The fix was incorporated in macOS Sequoia 15.1, so all releases before that are vulnerable.

Risk and Exploitability

The CVSS score of 7.5 indicates high severity, but the EPSS score of under 1% suggests a low likelihood of public exploitation. The vulnerability is not listed in the CISA KEV catalog, and it requires physical presence on the device to perform the attack. If exploited, the attacker can manipulate any running application while the device is locked, potentially leading to data exposure or unauthorized control.

Generated by OpenCVE AI on April 3, 2026 at 20:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install macOS Sequoia 15.1 or later to apply the patch that stops keyboard injection on locked devices.
  • Keep the device in a physically secure location to reduce the chance of someone gaining physical access.
  • Ensure the screen lock is enabled at all times, and consider logging out or locking the system immediately after use to limit available input windows.

Generated by OpenCVE AI on April 3, 2026 at 20:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://support.apple.com/en-us/121564 cve-icon cve-icon
History

Fri, 03 Apr 2026 21:30:00 +0000

Type Values Removed Values Added
Title Keyboard Event Injection on Locked macOS Devices

Fri, 03 Apr 2026 17:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Fri, 03 Apr 2026 10:15:00 +0000

Type Values Removed Values Added
Title Keyboard Event Injection on Locked macOS Devices
First Time appeared Apple
Apple macos
Vendors & Products Apple
Apple macos

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.1. An attacker with physical access can input keyboard events to apps running on a locked device.
Weaknesses CWE-288
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Subscriptions

Apple Macos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T19:57:15.594Z

Reserved: 2024-08-20T21:45:40.796Z

Link: CVE-2024-44286

cve-icon Vulnrichment

Updated: 2026-04-02T19:56:00.487Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-02T19:18:36.140

Modified: 2026-04-03T17:53:53.080

Link: CVE-2024-44286

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-03T21:17:14Z

Weaknesses