Apple recently released updates for iOS and iPadOS to fix a security vulnerability in the VoiceOver feature that could potentially read aloud users’ saved passwords. This issue impacted the Passwords app, a tool introduced by Apple for iPhones, iPads, and Macs. The vulnerability was addressed in the iOS 18.0.1 and iPadOS 18.0.1 updates, rolled out last Thursday (October 3).
The bug allowed the VoiceOver accessibility tool, designed to read on-screen text for users, to bypass normal security restrictions and read aloud passwords stored in the Passwords app. This posed a significant privacy risk for users relying on the feature for accessibility.
The issue has been documented in the US National Vulnerability Database (NVD) and is identified by the code CVE-2024-44204. While Apple has not provided many details, the company referred to the vulnerability as a “logic problem,” indicating it was related to how the feature processed information. Users are encouraged to update their devices to ensure their data remains secure.
Vulnerable devices
All devices compatible with iOS 18 and iPadOS 18 need to be updated. See the list:
iPhone
- iPhone XS
- iPhone XS Max
- iPhone XR
- iPhone 11
- iPhone 11 Pro
- iPhone 11 Pro Max
- iPhone 12
- iPhone 12 Mini
- iPhone 12 Pro
- iPhone 12 Pro Max
- iPhone 13
- iPhone 13 Mini
- iPhone 13 Pro
- iPhone 13 Pro Max
- iPhone 14
- iPhone 14 Plus
- iPhone 14 Pro
- iPhone 14 Pro Max
- iPhone 15
- iPhone 15 Plus
- iPhone 15 Pro
- iPhone 15 Pro Max
- iPhone 16
- iPhone 16 Pro
- iPhone 16 Pro Max
- iPhone SE (2020)
- iPhone SE (2022)
iPad
- iPad Pro 13 inches;
- iPad Pro 12.9 inches (3rd generation or later);
- iPad Pro 11 inches (1st generation or later);
- iPad Air (3rd generation or later);
- iPad (7th generation or later);
- iPad mini (5th generation or later).
To update the device, follow the path Settings > General > “Software Updates” and download the new package.
