Apple Fixes iOS Bug That Exposed Saved Passwords to VoiceOver
Apple Fixes iOS Bug That Exposed Saved Passwords to VoiceOver
Apple has released updates for iOS and iPadOS to address two security vulnerabilities, one of which could allow VoiceOver to read out loud a user’s saved passwords.
Password Exposure via VoiceOver (CVE-2024-44204)
The first vulnerability, CVE-2024-44204, is a logic flaw in the Passwords app, allowing passwords to be read aloud by VoiceOver on various iPhones and iPads. Discovered by Bistrit Daha, this flaw was resolved with improved validation.
See Also: So, you want to be a hacker?
Offensive Security, Bug Bounty Courses
Discover your weakest link. Be proactive, not reactive. Cybercriminals need just one flaw to strike.
Affected devices include:
- iPhone XS and later models
- iPad Pro 13-inch and 12.9-inch (3rd generation and later)
- iPad Air (3rd generation and later)
- iPad mini (5th generation and later)
Audio Capture Before Microphone Activation (CVE-2024-44207)
The second flaw, CVE-2024-44207, affects iPhone 16 models. It allows audio messages in the Messages app to capture a few seconds of sound before the microphone indicator turns on. Discovered by Michael Jimenez and an anonymous researcher, Apple fixed this by improving system checks.
Trending: 10 Misconceptions about Hacking
Trending: Recon Tool: Argus
Update to iOS 18.0.1 and iPadOS 18.0.1
To prevent these vulnerabilities from being exploited, Apple urges users to update to iOS 18.0.1 and iPadOS 18.0.1 immediately.
Are u a security researcher? Or a company that writes articles about Cyber Security, Offensive Security (related to information security in general) that match with our specific audience and is worth sharing? If you want to express your idea in an article contact us here for a quote: [email protected]
Source: thehackernews.com
Recent News
Offensive Security & Ethical Hacking Course
Begin the learning curve of hacking now!
Information Security Solutions
Find out how Pentesting Services can help you.
