iPhone flaw could read your saved passwords out loud. Update now!
Apple has fixed a security issue in iOS (and iPadOS) that could have leaked a user’s passwords through the VoiceOver feature.
Apple has issued security updates, iOS 18.0.1 and iPadOS 18.0.1, which include a fix for a bug that could allow a user’s saved passwords to be read aloud by the VoiceOver feature.
VoiceOver allows users to use their iPhone or iPad even if they can’t see the screen. It gives audible descriptions of what’s on your screen—for example, the battery level, who’s calling you, or what item your finger is on.
Unfortunately, those audible descriptions also covered a user’s saved passwords, so VoiceOver could effectively read someone’s passwords aloud.
While the chance of abusing this vulnerability is relatively small—the device would have to be unlocked and in the attacker’s proximity to exploit it—it’s always better to install security updates as soon as possible. Once criminals know vulnerabilities exist they tend to go looking for unpatched vulnerable devices.
The patch for the flaw (listed as CVE-2024-44207) is available for iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later.
To check if you’re using the latest software version of iOS and iPadOS, go to Settings > General > Software Update. You want to be on iOS 18.0.1 or iPadOS 18.0.1.
If you’re not on the latest version, you can update from this screen. It’s also worth turning on Automatic Updates if you haven’t already, which you can also do from this screen.
Preferred setting for automatic updates
Related news
Apple Security Advisory 10-03-2024-1 - iOS 18.0.1 and iPadOS 18.0.1 addresses an audio capturing issue and a logic issue related to passwords being read aloud.
Apple has released iOS and iPadOS updates to address two security issues, one of which could have allowed a user's passwords to be read out aloud by its VoiceOver assistive technology. The vulnerability, tracked as CVE-2024-44204, has been described as a logic problem in the new Passwords app impacting a slew of iPhones and iPads. Security researcher Bistrit Daha has been credited with
CVE-2024-44204 is one of two new Apple iOS security vulnerabilities that showcase an unexpected coming together of privacy snafus and accessibility features.