Annual recap
Mobile security · 2024
2024 review indexed by Appaloosa Scout: 1 823 mobile CVEs published, 39 added to the CISA KEV catalog (exploited in real attacks), 2 mobile apps affected by at least one KEV.
- CVEs indexed this year: 1 823
- CISA KEV added: 39
- Tracked apps affected: 2
Severity distribution
- CRITICAL: 76
- HIGH: 1 113
- MEDIUM: 93
- LOW: 8
Top 10 mobile KEV of the year
Sorted by number of mobile apps affected (CVSS as tiebreaker).
| CVE | Severity | Apps | Added to KEV | Description |
|---|---|---|---|---|
| CVE-2024-9680 | CRITICAL 9.8 | 1 | 2024-10-15 | An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had re… |
| CVE-2024-39891 | MEDIUM 5.3 | 1 | 2024-07-23 | In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an unauthenticated endpoint provided access t… |
| CVE-2024-4577 | CRITICAL 9.8 | 0 | 2024-06-12 | Argument Injection in PHP-CGI |
| CVE-2024-21410 | CRITICAL 9.8 | 0 | 2024-02-15 | Microsoft Exchange Server Elevation of Privilege Vulnerability |
| CVE-2023-29357 | CRITICAL 9.8 | 0 | 2024-01-10 | Microsoft SharePoint Server Elevation of Privilege Vulnerability |
| CVE-2024-49039 | HIGH 8.8 | 0 | 2024-11-12 | Windows Task Scheduler Elevation of Privilege Vulnerability |
| CVE-2024-43461 | HIGH 8.8 | 0 | 2024-09-16 | Windows MSHTML Platform Spoofing Vulnerability |
| CVE-2024-38189 | HIGH 8.8 | 0 | 2024-08-13 | Microsoft Project Remote Code Execution Vulnerability |
| CVE-2024-30040 | HIGH 8.8 | 0 | 2024-05-14 | Windows MSHTML Platform Security Feature Bypass Vulnerability |
| CVE-2024-29988 | HIGH 8.8 | 0 | 2024-04-30 | SmartScreen Prompt Security Feature Bypass Vulnerability |
Top vendors by KEV this year
1. Authy: 1 KEV · 1 app
2. Mozilla: 1 KEV · 1 app
Most affected apps
Methodology
KEV: added to the CISA catalog during the year (kev_added_date). CVE: NVD publication date. Apps: those indexed in Scout at query time; the history evolves as new mappings are added.