Man
Professional
- Messages
- 2,956
- Reaction score
- 477
- Points
- 83
No more "listening" until the microphone is activated.
Apple has released updates to iOS and iPadOS to address two security vulnerabilities. One of them was a bug that allowed you to read saved passwords using VoiceOver technology.
The vulnerability, which received the identifier CVE-2024-44204, arose due to a logical error in the Passwords app and affected a wide range of iPhone and iPad models. The problem was that saved passwords could be read aloud using VoiceOver. To address this issue, Apple has implemented improved data verification.
The vulnerability affected the following devices:
In addition, Apple has fixed another vulnerability (CVE-2024-44207) specific to the recently released iPhone 16 models. The issue was related to the Media Session component and allowed audio messages to record audio before the microphone indicator was activated.
According to the company, audio messages could capture several seconds of audio before users saw an indication of microphone operation. Improved checks have also been applied to address this vulnerability. The problem was identified by researchers Michael Jimenez and an anonymous expert.
Users are advised to update their devices to iOS 18.0.1 and iPadOS 18.0.1 to protect them from potential threats.
Source
Apple has released updates to iOS and iPadOS to address two security vulnerabilities. One of them was a bug that allowed you to read saved passwords using VoiceOver technology.
The vulnerability, which received the identifier CVE-2024-44204, arose due to a logical error in the Passwords app and affected a wide range of iPhone and iPad models. The problem was that saved passwords could be read aloud using VoiceOver. To address this issue, Apple has implemented improved data verification.
The vulnerability affected the following devices:
- iPhone XS and newer models,
- iPad Pro 13-inch,
- iPad Pro 12.9-inch 3rd generation and later,
- iPad Pro 11-inch 1st generation and later,
- iPad Air 3rd generation and later,
- iPad 7th generation and later,
- iPad mini 5th generation and later.
In addition, Apple has fixed another vulnerability (CVE-2024-44207) specific to the recently released iPhone 16 models. The issue was related to the Media Session component and allowed audio messages to record audio before the microphone indicator was activated.
According to the company, audio messages could capture several seconds of audio before users saw an indication of microphone operation. Improved checks have also been applied to address this vulnerability. The problem was identified by researchers Michael Jimenez and an anonymous expert.
Users are advised to update their devices to iOS 18.0.1 and iPadOS 18.0.1 to protect them from potential threats.
Source
