Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability

Avatar
Apple has released iOS and iPadOS updates to address two security issues, one of which could have allowed a user’s passwords to be read out aloud by its VoiceOver assistive technology. The vulnerability, tracked as CVE-2024-44204, has been described as a logic problem in the new Passwords app impacting a slew of iPhones and iPads. Security researcher Bistrit Daha has been credited with
[[{“value”:”

Apple has released iOS and iPadOS updates to address two security issues, one of which could have allowed a user’s passwords to be read out aloud by its VoiceOver assistive technology.

The vulnerability, tracked as CVE-2024-44204, has been described as a logic problem in the new Passwords app impacting a slew of iPhones and iPads. Security researcher Bistrit Daha has been credited with discovering and reporting the flaw.

“A user’s saved passwords may be read aloud by VoiceOver,” Apple said in an advisory released this week, adding it was resolved with improved validation.

The shortcoming impacts the following devices –

iPhone XS and later
iPad Pro 13-inch
iPad Pro 12.9-inch 3rd generation and later
iPad Pro 11-inch 1st generation and later
iPad Air 3rd generation and later
iPad 7th generation and later, and
iPad mini 5th generation and later

Also patched by Apple is a security vulnerability (CVE-2024-44207) specific to the newly launched iPhone 16 models that allows audio to be captured before the microphone indicator is on. It’s rooted in the Media Session component.

“Audio messages in Messages may be able to capture a few seconds of audio before the microphone indicator is activated,” the iPhone maker noted.

The problem has been fixed with improved checks, it added, crediting Michael Jimenez and an anonymous researcher for reporting it.

Users are advised to update to iOS 18.0.1 and iPadOS 18.0.1 to safeguard their devices against potential risks.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

“}]] The Hacker News 

Total
0
Shares
Previous Post

Dutch police blame ‘state actor’ for recent data breach

Next Post

Modernization of Authentication: Webinar on MFA, Passwords, and the Shift to Passwordless

Related Posts

Sailing the Seven Seas Securely from Port to Port – OT Access Security for Ships and Cranes

Operational Technology (OT) security has affected marine vessel and port operators, since both ships and industrial cranes are being digitalized and automated at a rapid pace, ushering in new types of security challenges. Ships come to shore every six months on average. Container cranes are mostly automated. Diagnostics, maintenance, upgrade and adjustments to these critical systems are done
Avatar
Read More

Europol Shuts Down Major Phishing Scheme Targeting Mobile Phone Credentials

Law enforcement authorities have announced the takedown of an international criminal network that leveraged a phishing platform to unlock stolen or lost mobile phones. The phishing-as-a-service (PhaaS) platform, called iServer, is estimated to have claimed more than 483,000 victims globally, led by Chile (77,000), Colombia (70,000), Ecuador (42,000), Peru (41,500), Spain (30,000), and Argentina
Omega Balla
Read More