Apple fixes bug that let VoiceOver shout your passwords
Not a great look when the iGiant just launched its first password manager
Apple just fixed a duo of security bugs in iOS 18.0.1 and iPadOS 18.0.1, one of which might cause users' saved passwords to be read aloud. It's hardly an ideal situation for the visually impaired.
For those who rely on the accessibility features baked into their iGadgets, namely Apple's VoiceOver screen reader, now is a good time to apply the latest update.
In typical Apple fashion, the company hasn't released much in the way of details about the first security issue, tracked as CVE-2024-44204, which makes it tougher to understand the conditions under which this vulnerability could be triggered, or how to avoid it until the update is applied.
What we do know is that it was characterized as a logic issue, which Apple rectified by improving validation.
The disclosure of the bug comes less than a month after iOS 18 and iPadOS 18 debuted. Ironically, this release included Apple's first native password manager, the Passwords app.
It's unclear whether the issue was with the app itself or another area of the iOS/iPadOS 18 release, however, saved passwords are affected.
Devices that need updating include:
-
iPhone XS and later
-
iPad Pro 13-inch
-
iPad Pro 12.9-inch third generation and later
-
iPad Pro 11-inch first generation and later
-
iPad Air third generation and later
-
iPad seventh generation and later
-
iPad mini fifth generation and later
A severity score has yet to be assigned to the bug, which is perhaps due to ongoing backlog issues at the National Vulnerability Database.
- Scammers in the slammer for years after ripping off Apple with fake iPhone returns
- Apple quietly removed 60 more VPNs from Russian app store, researchers claim
- Unions 2, Apple 0: Cupertino caves after fresh strike threat
- Apple ropes off at least 4 GB of iPhone storage to house AI
Also included in the 18.0.1 update is a fix for another audio-based bug. CVE-2024-44207 only affects iPhone 16 – all models of the latest smartphone – but it captures more audio than the user interface indicates.
The vulnerability is triggered when sending audio messages in iMessage. Apple users will know that when the microphone is enabled, a small orange dot will appear in the device's Dynamic Island to indicate that audio is being recorded.
However, the latest fix addresses an issue whereby the iPhone 16 may in some cases capture a few seconds of audio before that orange indicator is displayed.
This one isn't the most jaw-dropping bug to ever be fixed, though it will likely bother privacy-minded users, so it's well worth a fix. And fixed it was, with improved checks, Apple said. ®