Exploits

Apple Releases iOS and iPadOS Updates to Fix Password and Audio Vulnerabilities

Published  ·  2 min read

Apple has released updates for iOS and iPadOS to address two significant security issues, including one that could allow passwords to be read aloud by the VoiceOver assistive technology.

The vulnerability, identified as CVE-2024-44204, stems from a logic flaw in the new Passwords app, affecting various iPhone and iPad models. The issue was discovered and reported by security researcher Bistrit Daha.

In a statement, Apple said, "A user's saved passwords may be read aloud by VoiceOver." The flaw has now been fixed with improved validation measures, ensuring that saved passwords are not exposed through VoiceOver.

The affected devices include:

  1. iPhone XS and later
  2. iPad Pro 13-inch
  3. iPad Pro 12.9-inch (3rd generation and later)
  4. iPad Pro 11-inch (1st generation and later)
  5. iPad Air (3rd generation and later)
  6. iPad (7th generation and later)
  7. iPad mini (5th generation and later)

Additionally, Apple addressed another vulnerability (CVE-2024-44207) specific to the recently launched iPhone 16 models. This flaw, rooted in the Media Session component, allowed audio to be captured before the microphone indicator was activated.

"Audio messages in Messages may capture a few seconds of audio before the microphone indicator is on," Apple explained in an advisory. This issue has also been resolved with enhanced checks. The company credited Michael Jimenez and an anonymous researcher for reporting the problem.

To mitigate these risks, users are strongly encouraged to update to iOS 18.0.1 and iPadOS 18.0.1. These updates ensure that both the VoiceOver password flaw and the microphone vulnerability are securely patched, protecting users' devices from potential exploits.

Professional Services

Explore Our Cybersecurity Services

Our insights are backed by hands-on service delivery. If your business needs professional cybersecurity support, our UK-based specialists are ready to help.

© 2016 – 2026 Red Secure Tech Ltd. Registered in England and Wales — Company No: 15581067