Apple has rolled out updates for iOS and iPadOS to address two significant security flaws, including a vulnerability that could allow VoiceOver, its assistive technology, to read users' saved passwords aloud.
The flaw, identified as CVE-2024-44204, was discovered by security researcher Bistrit Daha. It involved a logic issue in the Passwords app, affecting a range of iPhones and iPads. According to Apple’s advisory, the vulnerability was fixed with improved validation.
The affected devices include:
iPhone XS and later
iPad Pro (13-inch, 12.9-inch 3rd generation and later)
iPad Pro (11-inch 1st generation and later)
iPad Air (3rd generation and later)
iPad (7th generation and later)
iPad mini (5th generation and later)
Apple also patched another vulnerability (CVE-2024-44207) in the newly released iPhone 16 models, where audio could be recorded before the microphone indicator was activated. The issue, rooted in the Media Session component, was resolved with better system checks. Researchers Michael Jimenez and an anonymous contributor were credited for identifying the flaw.
To protect against these risks, users are urged to update to iOS 18.0.1 and iPadOS 18.0.1.
.jpeg)
0 Comments