Apple has released iOS and iPadOS updates addressing two critical security concerns, including one that could have allowed users’ passwords to be read aloud by its assistive technology.
A critical vulnerability, identified by CVE-2024-44204, has been discovered in Apple’s newly released Passwords app, affecting numerous iPhone and iPad devices. Pioneering safety researcher Bistrit Daha has garnered acclaim for his groundbreaking discovery and timely report of a critical vulnerability.
Apple revealed this week that a vulnerability had been discovered, where a consumer’s saved passwords could be read aloud using VoiceOver, but the company has since resolved the issue through improved validation.
The shortcoming has a ripple effect on future devices –
- iPhone XS and later
- iPad Professional 13-inch
- iPad Pro 12.9-inch (3rd generation and later):
- The iPad Pro 11-inch with the first-generation processor or later.
- The iPad Air, with its sleek design and powerful performance, has become a staple in many households. Initially released in 2013, the third generation of this iconic tablet introduced a new level of sophistication.
Its A7 chip, boasting 64-bit architecture, enabled seamless multitasking, while the M7 motion coprocessor ensured precise gestures and intuitive navigation. The iPad Air’s Retina display showcased vibrant colors and crisp text, perfect for reading, browsing, or watching videos.
Moreover, the device’s compact form factor made it an excellent choice for on-the-go entertainment. With its 10-hour battery life, users could enjoy their favorite movies or TV shows without worrying about running out of juice.
- iPad (7th generation) and later,
- The iPad mini (5th generation) and later devices feature a potent A12 Bionic chip, propelling performance to new heights while minimizing power consumption. With the advent of iOS 14, users can enjoy an even more seamless experience, as the operating system harmonizes with the hardware to deliver unparalleled efficiency.
A critical security flaw, designated CVE-2024-44207 by Apple, has been identified in the recently released iPhone 16 models. This vulnerability allows audio to be recorded before the microphone indicator illuminates, posing a significant risk to users’ privacy and security. Rooted within the Media Session component.
Apple acknowledged that audio messages sent via Messages may capture several seconds of audio before the microphone icon appears on screen, indicating recording has begun.
The issue has been mitigated through enhanced validation processes, acknowledging the contributions of Michael Jimenez and a unnamed researcher who brought it to attention.
Apple recommends that customers update their devices to iOS 18.0.1 and iPadOS 18.0.1 to ensure the security and integrity of their devices by mitigating potential risks.
