Apple has released new updates for iOS and iPadOS to fix two important security problems affecting many iPhone and iPad models. These Apple updates, now available as iOS 18.0.1 and iPadOS 18.0.1, fix issues that could have put users’ privacy at risk, including a bug that allowed saved passwords to be spoken out loud using Apple’s VoiceOver assistive technology.
Password Vulnerability: CVE-2024-44204
The first vulnerability tracked as CVE-2024-44204, was discovered by security researcher Bistrit Daha and affects the Passwords app on iPhones and iPads. The flaw stems from a logic issue within the app, allowing passwords stored on the device to be read aloud by VoiceOver, a feature designed to assist visually impaired users by narrating the content on their screen.
VoiceOver, a gesture-based screen reader, enables users to navigate their iPhones even without viewing the screen by providing audible descriptions of elements such as battery levels, incoming calls, and other screen content. While this feature is invaluable for accessibility, the vulnerability could allow malicious actors to exploit it, gaining access to sensitive information, including stored passwords.
According to Apple’s advisory, the issue has now been resolved with improved validation processes. Apple credits Daha with identifying and reporting the vulnerability, highlighting the importance of independent security researchers in uncovering potential risks to users.
The affected devices include:
- iPhone XS and later
- iPad Pro 13-inch and 12.9-inch (3rd generation and later)
- iPad Pro 11-inch (1st generation and later)
- iPad Air (3rd generation and later)
- iPad (7th generation and later)
- iPad mini (5th generation and later)
Apple strongly encourages users of these devices to update to iOS 18.0.1 or iPadOS 18.0.1 to secure their systems against this vulnerability.
Audio Vulnerability in iPhone 16 Models: CVE-2024-44207
In addition to the VoiceOver flaw, Apple has also addressed a security issue exclusive to its newly launched iPhone 16 models. This second vulnerability, identified as CVE-2024-44207, involves the device’s Media Session component and could allow audio messages to capture a few seconds of audio before the microphone indicator is activated.
The microphone indicator, a privacy feature that lights up to inform users when the microphone is in use, is designed to prevent unauthorized audio recordings. However, this flaw allowed for a brief capture of audio even before the indicator was turned on, potentially exposing users’ private conversations.
This vulnerability was discovered by security researcher Michael Jimenez and another anonymous researcher. Apple’s advisory notes that the issue has now been fixed, ensuring that audio capture cannot occur before the microphone indicator is engaged.
Importance of Timely Apple Updates
With both vulnerabilities now resolved, Apple is urging all users to update their devices to the latest software versions—iOS 18.0.1 and iPadOS 18.0.1. These updates not only patch the security flaws but also improve the overall stability and functionality of Apple devices.
Security patches like these address vulnerabilities that could be exploited by attackers to gain access to personal data, intercept communications, or compromise the integrity of the device. These vulnerabilities, particularly the one involving password exposure, highlight how even the most innocuous features like screen readers can become security risks if left unaddressed, Regular software updates are one of the simplest and most effective ways to protect personal data.
How to Update Your iPhone or iPad Wirelessly
Apple has made updating devices a straightforward process. Users can update their iPhones or iPads over Wi-Fi by following these simple steps:
- Back up your device using iCloud or your computer to ensure your data is safe in case anything goes wrong during the update process.
- Plug your device into power and connect to the internet with Wi-Fi.
- Go to Settings > General, then tap Software Update.
- If more than one update option is available, select the one you want to install.
- Tap Install Now. If the option to download appears first, tap Download and Install, enter your passcode if prompted, and then tap Install Now to complete the update.
By updating to iOS 18.0.1 and iPadOS 18.0.1, Apple users can safeguard their devices against these specific vulnerabilities. Moving forward, it is crucial for users to stay informed about security updates and take prompt action to keep their devices and personal information secure.