Security
Headlines
HeadlinesLatestCVEs

Headline

Apple Security Advisory 10-03-2024-1

Apple Security Advisory 10-03-2024-1 - iOS 18.0.1 and iPadOS 18.0.1 addresses an audio capturing issue and a logic issue related to passwords being read aloud.

Packet Storm
#web#ios#mac#apple

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-10-03-2024-1 iOS 18.0.1 and iPadOS 18.0.1

iOS 18.0.1 and iPadOS 18.0.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121373.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Media Session
Available for: iPhone 16 (all models)
Impact: Audio messages in Messages may be able to capture a few seconds
of audio before the microphone indicator is activated
Description: This issue was addressed with improved checks.
CVE-2024-44207: Michael Jimenez and an anonymous researcher

Passwords
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: A user’s saved passwords may be read aloud by VoiceOver
Description: A logic issue was addressed with improved validation.
CVE-2024-44204: Bistrit Dahal

This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer’s Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/

iTunes and Software Update on the device will automatically check
Apple’s update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting
Don’t Install will present the option the next time you connect
your iOS device.

The automatic update process may take up to a week depending on
the day that iTunes or the device checks for updates. You may
manually obtain the update via the Check for Updates button
within iTunes, or the Software Update on your device.

To check that the iPhone, iPod touch, or iPad has been updated:

  • Navigate to Settings
  • Select General
  • Select About. The version after applying this update will be
    "iOS 18.0.1 and iPadOS 18.0.1".

All information is also posted on the Apple Security Releases
web site: https://support.apple.com/100100.

This message is signed with Apple’s Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmb/LLMACgkQX+5d1TXa
Ivp/oBAAtCfF765M4s/Iwi15gaFUFbOe5Droq7gCJEvtwSsfYFESbM5eCiGZjn4y
Na+d9SrlgymDhIz5j6ZDZdSHKjCLhlkYc+JxpjgUM7rPxJtpn1QBGdDcjUfhpesV
sPxIaQk3lok4uLdBt9tbDT1a+pI67vKa2hm3FmZHsj5MZLSUJaR3d5rq2MWo3RjD
dfVsDhdCvnhk0vSA7ro8/EXVX1W6Jq8UQRGMjXcZgTiSWIx4TLdx6cNGD53dPuzl
ffP6M4XHi247tolr8gs0+EBBlnwUVF1DGgx5MZGuxO++MNLo0SF25HTZN6bmuEQy
zcQjuOHUzEazRzs9lO6IqAoY+YFQKW/UN3+Fj0RNKl2OXloRf2DTgl1C53V+uVyB
MdtJtYCJ1YxwKnhzGsmjclk5oqUrtEKL4Yeri1TxbfXBgoFflNLNRgRrwqkIoPKy
XURcpZ7/yD62Y4uMDIXFWV6FlEPZ/lPnM9Yh7Nh3ocJwJFlsHItuhJrwgyjLkfCZ
Lnerb7en4FbxEfewnjbdCh06P58e5c3XVVSVGNwIyIxeoTO7lT7E7V9tcaSi1L9s
QYN5+zcssTumEdbns6mwivpES16Z+4LuQZfgcfynreLZA6B7LHgqXEmSDcujF8SC
P4hiBFqyccXGrvTR47fGf8+6JPnErrFKOBEcfEu7NUYW8smtxM0=
=n+NZ
-----END PGP SIGNATURE-----

Related news

iPhone flaw could read your saved passwords out loud. Update now!

Apple has fixed a security issue in iOS (and iPadOS) that could have leaked a user's passwords through the VoiceOver feature.

Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability

Apple has released iOS and iPadOS updates to address two security issues, one of which could have allowed a user's passwords to be read out aloud by its VoiceOver assistive technology. The vulnerability, tracked as CVE-2024-44204, has been described as a logic problem in the new Passwords app impacting a slew of iPhones and iPads. Security researcher Bistrit Daha has been credited with

Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability

Apple has released iOS and iPadOS updates to address two security issues, one of which could have allowed a user's passwords to be read out aloud by its VoiceOver assistive technology. The vulnerability, tracked as CVE-2024-44204, has been described as a logic problem in the new Passwords app impacting a slew of iPhones and iPads. Security researcher Bistrit Daha has been credited with

iPhone 'VoiceOver' Feature Could Read Passwords Aloud

CVE-2024-44204 is one of two new Apple iOS security vulnerabilities that showcase an unexpected coming together of privacy snafus and accessibility features.

iPhone 'VoiceOver' Feature Could Read Passwords Aloud

CVE-2024-44204 is one of two new Apple iOS security vulnerabilities that showcase an unexpected coming together of privacy snafus and accessibility features.

Packet Storm: Latest News

Ivanti EPM Agent Portal Command Execution