December 23, 2024
Apple releases critical iOS and iPadOS updates to fix VoiceOver password vulnerability

October 5, 2024 | Ravie Lakshmanan | Data Privacy / Mobile Security

Apple has released iOS and iPadOS updates to address two security issues, one of which could have allowed a user’s passwords to be read aloud by its VoiceOver assistive technology.

The vulnerability, tracked as CVE-2024-44204, has been described as a logic issue in the new Passwords app that affects a range of iPhones and iPads. Security researcher Bistrit Daha is credited with discovering and reporting the flaw.

“A user’s stored passwords may be read aloud by VoiceOver,” Apple said in an advisory issued this week, adding that the issue had been resolved with improved validation.

The flaw affects the following devices:

  • iPhone XS and later
  • iPad Pro 13-inch
  • iPad Pro 12.9-inch 3rd generation and higher
  • iPad Pro 11-inch 1st generation and later
  • iPad Air 3rd generation and higher
  • iPad 7th generation and later, and
  • iPad mini 5th generation and later

Also patched by Apple is a security issue (CVE-2024-44207) specific to the recently launched iPhone 16 models that could allow audio to be recorded before the microphone indicator is lit. It is rooted in the Media Session component.

“Audio messages in Messages may record a few seconds of audio before activating the microphone indicator,” the iPhone maker noted.

The issue has been resolved with improved controls, it added, crediting Michael Jimenez and an anonymous researcher with reporting it.

Users are advised to update to iOS 18.0.1 and iPadOS 18.0.1 to protect their devices from potential risks.
