iOS

iOS 18 VoiceOver reads passwords out loud

A critical security flaw in iOS and iPadOS allowed the VoiceOver feature to read out saved passwords. Apple has responded with update 18.0.1 and closed this dangerous vulnerability. Users should update their devices immediately.

Critical security flaw discovered in iOS and iPadOS

A serious security flaw in Apple’s iOS and iPadOS operating systems has caused a stir in the tech world. The vulnerability allows the VoiceOver feature, which is actually intended for accessibility, to read saved passwords out loud. This issue affected a variety of iPhone and iPad models and poses a significant security risk. Having passwords read aloud by an assistive technology such as VoiceOver is particularly critical. It compromises the confidentiality of sensitive data and could potentially allow unauthorized access to personal accounts.

The vulnerability, identified as CVE-2024-44204, was described as a logical issue in the new password app.

Apple’s reaction

It affected devices from the iPhone XS upwards as well as various iPad models, including the iPad Pro, iPad Air from the third generation and the iPad mini from the fifth generation. Apple responded promptly to the discovery and released a security update. In one official announcement the company explained:

A user’s saved passwords could be read aloud by VoiceOver. This issue was resolved through improved validation. Apple Inc.

Apple emphasized that the problem was quickly resolved. Users are urged to update their devices to iOS 18.0.1 or iPadOS 18.0.1 to protect themselves from possible risks.

Background and other security gaps

The vulnerability emerged shortly after the launch of iOS 18 and iPadOS 18, which included Apple’s first native password manager, the “Passwords” app. It remains unclear whether the problem was directly related to this new app or lay in another area of ​​the operating system.

In addition to the VoiceOver vulnerability, the update also addressed another security vulnerability that specifically affected the new iPhone 16 models:

  • CVE-2024-44207: Allowed a few seconds of audio to be recorded during voice messages in the Messages app before the microphone indicator was enabled.
  • Solution: This problem has also been resolved with improved checking mechanisms.

The discovery of these vulnerabilities underscores the importance of regular software updates and shows that even large technology companies like Apple are not immune to errors. Notably, the VoiceOver vulnerability was discovered and reported by a third-party security researcher, Bistrit Daha, highlighting the importance of independent security audits. 

Recent Posts

Google Health: A bug is currently really annoying Pixel Watch users

An annoying software error is currently plaguing many owners of the Google Pixel Watch. The…

14 hours ago

Pixel Watch 5: Leak shows the design of the new Google smartwatch in advance

After the new Google smartphones in the Pixel 11 series, official marketing images of the…

14 hours ago

Epson is in court: first lawsuit over planned obsolescence

A French consumer protection association is taking Epson to court. The accusation is of planned…

14 hours ago

EU brings Meta to its knees: ChatGPT is running again in WhatsApp chat

After a months-long exclusion by the Facebook group Meta, the well-known AI chatbot ChatGPT has…

14 hours ago

Good news for Windows 11: Microsoft is banning advertising from search

Microsoft is fundamentally redesigning the search in Windows 11. The operating system loses advertising, forced…

14 hours ago

iOS 27 public beta is here: Apple starts the test phase for all iPhone users

Interested users can now install the first public beta version of iOS 27 on their…

14 hours ago