Apple has released updates for iOS and iPadOS to fix two security issues, one of which could have exposed user passwords through the VoiceOver feature.
The vulnerability (CVE-2024-44204) was discovered by security researcher Bistrit Daha and affected iPhones and iPads using the Passwords app. Apple has resolved the issue with enhanced validation methods.
Devices affected by this issue include:
- iPhone XS and newer
- iPad Pro 13-inch
- iPad Pro 12.9-inch 3rd generation and newer
- iPad Pro 11-inch 1st generation and newer
- iPad Air 3rd generation and newer
- iPad 7th generation and newer
- iPad mini 5th generation and newer
Another security flaw (CVE-2024-44207) impacting the latest iPhone 16 models has also been patched by Apple. This flaw allowed audio capture before the microphone indicator is activated. The issue has been fixed with improved checks.
Users are advised to update to iOS 18.0.1 and iPadOS 18.0.1 to protect their devices from potential risks.
