Apple released iOS and iPadOS updates to address two security issues, one of which could have allowed a user’s passwords to be read aloud by the supporting VoiceOver technology.
The vulnerability, tracked as CVE-2024-44204, has been described as a logic issue in the new Passwords app that affects a range of iPhones and iPads. Security researcher Bistrit Daha is credited with discovering and reporting the flaw.
“A user’s stored passwords may be read aloud by VoiceOver,” Apple said in an advisory issued this week, adding that the issue had been resolved with improved validation.
The flaw affects the following devices:
- iPhone XS and later
- iPadPro 13-inch
- iPad Pro 12.9-inch 3rd generation and higher
- iPad Pro 11-inch 1st generation and later
- iPad Air 3rd generation and higher
- iPad 7th generation and later, and
- iPad mini 5th generation and later
Also patched by Apple is a security issue (CVE-2024-44207) specific to the recently launched iPhone 16 models that could allow audio to be recorded before the microphone indicator is lit. It is rooted in the Media Session component.
“Audio messages in Messages may record a few seconds of audio before activating the microphone indicator,” the iPhone maker noted.
The issue has been resolved with improved controls, it added, crediting Michael Jimenez and an anonymous researcher with reporting it.
Users are advised to update to iOS 18.0.1 and iPadOS 18.0.1 to protect their devices from potential risks.