Apple released iOS and iPadOS updates to address two security issues, one of which could allow a user’s passwords to be read aloud. VoiceOver assistive technology.
The vulnerability, tracked as CVE-2024-44204, was described as a logic issue in the new Passwords app that affects many iPhones and iPads. Security researcher Bistreet Dah is credited with discovering and reporting the flaw.
“User’s saved passwords can be read aloud with VoiceOver,” Apple said in an advisory issued this week, adding that it was addressed with improved verification.
The following devices are affected by the flaw –
- iPhone XS and later versions
- iPad Pro 13 inches
- 12.9-inch iPad Pro 3rd generation and later
- 11-inch iPad Pro 1st generation and later
- iPad Air 3rd generation and later
- iPad 7th generation and later versions and
- iPad mini 5th generation and later
Apple also patched a security vulnerability (CVE-2024-44207) in the recently released iPhone 16 models that allows audio to be recorded even before the microphone indicator lights up. It is based on the Media Session component.
“Audio messages in Messages may capture a few seconds of audio before the microphone indicator is activated,” the iPhone maker noted.
The issue has been fixed with improved checks, adds a post from Michael Jimenez and an anonymous researcher.
Users are advised to update to iOS 18.0.1 and iPadOS 18.0.1 to protect their devices from potential risks.
