Apple Rolls Out Crucial iOS and iPadOS Updates to Resolve VoiceOver Password Vulnerability
Apple has rolled out iOS and iPadOS updates to tackle two security concerns, one of which had the potential to expose a user’s passwords through its VoiceOver assistive feature.
The vulnerability, known as CVE-2024-44204, is a flaw in the Passwords app affecting various iPhones and iPads. Security researcher Bistrit Daha discovered and reported this issue.
“VoiceOver had the ability to vocalize saved passwords,” said Apple in a recent advisory, mentioning that the problem has been rectified with enhanced validation.
Devices affected by this issue include:
- iPhone XS and newer models
- iPad Pro 13-inch
- iPad Pro 12.9-inch 3rd generation and later
- iPad Pro 11-inch 1st generation and later
- iPad Air 3rd generation and later
- iPad 7th generation and later, and
- iPad mini 5th generation and later
Apple has also fixed a security flaw (CVE-2024-44207) specific to the iPhone 16 series, where audio could be recorded before the microphone indicator turned on, due to an issue in the Media Session component.
“Messages containing audio could capture a few seconds of sound before the microphone indicator activates,” Apple highlighted.
This problem is now resolved with strengthened checks, with credit given to Michael Jimenez and an anonymous researcher for reporting it.
It is recommended that users update to iOS 18.0.1 and iPadOS 18.0.1 to shield their devices against any potential threats.
About Author
