Apple Issues Urgent iOS and iPadOS Updates to Address VoiceOver Password Security Flaw

Apple has rolled out updates for iOS and iPadOS to address two security vulnerabilities, including one that could have enabled VoiceOver assistive technology to read out users’ passwords.

The flaw, identified as CVE-2024-44204, is a logic issue within the new Passwords app affecting various iPhone and iPad models. Security researcher Bistrit Daha discovered and reported this vulnerability. Apple stated in an advisory that “a user’s saved passwords may be read aloud by VoiceOver,” and confirmed it has been fixed with enhanced validation measures.

The devices impacted by this vulnerability include:

  • iPhone XS and newer
  • iPad Pro 13-inch
  • iPad Pro 12.9-inch (3rd generation and later)
  • iPad Pro 11-inch (1st generation and later)
  • iPad Air (3rd generation and later)
  • iPad (7th generation and later)
  • iPad mini (5th generation and later)

Apple also addressed a second flaw, CVE-2024-44207, in the Media Session component. It affects the newly released iPhone 16 models and could allow audio capture before the microphone indicator is activated. Apple noted that “audio messages in Messages may be able to capture a few seconds of audio before the microphone indicator is activated” and resolved the issue with improved checks. This vulnerability was reported by Michael Jimenez and an anonymous researcher.

Users are urged to update their devices to iOS 18.0.1 and iPadOS 18.0.1 to protect against these potential threats.
