Apple has recently released iOS 18.0.1 and iPadOS 18.0.1 to address two security vulnerabilities, one of which could result in users’ saved passwords being read aloud, a less-than-ideal situation, especially for visually impaired users.
For those who depend on accessibility features such as Apple’s VoiceOver screen reader, applying the latest update is essential to prevent this issue.
As is often the case with Apple, the company has provided limited details regarding the first security flaw, identified as CVE-2024-44204.
This lack of information makes it difficult to understand the specific conditions that could trigger the vulnerability or how to mitigate the risk before the update is installed.
However, what is known is that the bug was categorized as a logic issue, which Apple has fixed by enhancing validation processes.
Interestingly, the disclosure of this bug comes less than a month after the launch of iOS 18 and iPadOS 18, which introduced Apple’s first native password manager, the Passwords app.
While it’s unclear if the vulnerability was directly related to the app or another aspect of the iOS/iPadOS 18 release, saved passwords were clearly impacted.
The following devices require the update:
– iPhone XS and later
– iPad Pro 13-inch
– iPad Pro 12.9-inch (third generation and later)
– iPad Pro 11-inch (first generation and later)
– iPad Air (third generation and later)
– iPad (seventh generation and later)
– iPad mini (fifth generation and later)
At this time, the severity score for the vulnerability has not been assigned, which could be due to a backlog at the National Vulnerability Database.
Additionally, the 18.0.1 update includes a fix for another audio-related bug, CVE-2024-44207, which exclusively affects the iPhone 16.
This flaw causes the device to record more audio than indicated by the user interface when sending audio messages via iMessage.
Normally, the appearance of a small orange dot on the Dynamic Island signals that the microphone is active and recording.
However, the vulnerability allowed the iPhone 16 to capture a few extra seconds of audio before the orange dot appeared.
While this bug may not be the most severe one Apple has encountered, it could still be a concern for users focused on privacy. Apple has resolved the issue with enhanced checks.