Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability

Summary: Apple has issued updates for iOS and iPadOS to fix two significant security vulnerabilities, one allowing saved passwords to be read aloud by VoiceOver and another affecting audio capture on iPhone 16 models. Users are encouraged to update their devices to ensure protection against these issues.

Threat Actor: N/A
Victim: Apple Users

Key Points:

  • Vulnerability CVE-2024-44204 could allow VoiceOver to read saved passwords aloud.
  • Devices affected include iPhone XS and later, various iPad models, and iPad Air 3rd generation and later.
  • Vulnerability CVE-2024-44207 allows audio capture before the microphone indicator is activated on iPhone 16 models.
  • Users should update to iOS 18.0.1 and iPadOS 18.0.1 for security enhancements.
  • macOS Sequoia updates improve compatibility with third-party security software.

VoiceOver Password Vulnerability

Apple has released iOS and iPadOS updates to address two security issues, one of which could have allowed a user’s passwords to be read aloud by its VoiceOver assistive technology.

The vulnerability, tracked as CVE-2024-44204, has been described as a logic problem in the new Passwords app impacting a slew of iPhones and iPads. Security researcher Bistrit Dahal has been credited with discovering and reporting the flaw.

“A user’s saved passwords may be read aloud by VoiceOver,” Apple said in an advisory released this week, adding it was resolved with improved validation.

The shortcoming impacts the following devices:

  • iPhone XS and later
  • iPad Pro 13-inch
  • iPad Pro 12.9-inch 3rd generation and later
  • iPad Pro 11-inch 1st generation and later
  • iPad Air 3rd generation and later
  • iPad 7th generation and later, and
  • iPad mini 5th generation and later

Also patched by Apple is a security vulnerability (CVE-2024-44207) specific to the newly launched iPhone 16 models that allows audio to be captured before the microphone indicator is on. It’s rooted in the Media Session component.

“Audio messages in Messages may be able to capture a few seconds of audio before the microphone indicator is activated,” the iPhone maker noted.

The problem has been fixed with improved checks, it added, crediting Michael Jimenez and an anonymous researcher for reporting it.

Users are advised to update to iOS 18.0.1 and iPadOS 18.0.1 to safeguard their devices against potential risks.

Update

Apple has also released updates for macOS Sequoia (version 15.0.1) to improve compatibility with third-party security software and reliability for single sign-on authentication in Safari.

The updates follow reports last month that issues in the latest operating system broke the functionality of security products from CrowdStrike, Microsoft, SentinelOne, and others.

Source: https://thehackernews.com/2024/10/apple-releases-critical-ios-and-ipados.html