Apple Patches a Password Vulnerability on iPhone and iPad

If you use an iPhone or iPad, take note: You need to update your device(s) as soon as possible. This week, Apple patched a security flaw for any iPhones and iPads running iOS 18, as well as one other security vulnerability affecting the new iPhone 16, iPhone 16 Plus, iPhone 16 Pro, and iPhone 16 Pro Max. The flaw that
October 7, 2024
 / 
meritsolutions
 / 
Image

If you use an iPhone or iPad, take note: You need to update your device(s) as soon as possible. This week, Apple patched a security flaw for any iPhones and iPads running iOS 18, as well as one other security vulnerability affecting the new iPhone 16, iPhone 16 Plus, iPhone 16 Pro, and iPhone 16 Pro Max.

The flaw that affects iPhones and iPads has to do with Passwords, the new app Apple introduced with iOS 18. Due to a logic issue, your passwords can be read out loud via VoiceOver, iOS and iPadOS’ built-in text reader. Apple does not specify how this can happen, but if a bad actor discovers how, they can presumably exploit the flaw to play your passwords from your iPhone or iPad’s speaker, and break into your accounts.

This flaw, CVE-2024-44204, affects iPhone XS and newer, as well as as iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later.

That’s not the only security flaw Apple patched with its latest update, however. iOS 18.0.1 also comes with a fix for CVE-2024-44207, a flaw that affects Apple’s iPhone 16 devices. If you have one of these brand new iPhones, you have a flaw in the Messages app, where audio messages may capture a few seconds of audio before the microphone indicator (the orange light that appears when the microphone is enabled) activates. This indicator is supposed to come on any time an app (including Apple’s) accesses your microphone, so it’s quite a serious flaw. Hopefully, Apple fixed the issue for good, so no malicious apps figure out a way to turn on your microphone without your knowledge.

How to update your iPhone or iPad to iOS 18.0.1

To patch these security vulnerabilities, you’ll need to update your iPhone or iPad to iOS 18.0.1. To do so, open the Settings app, then choose General > Software Update. Follow the on-screen directions here to install the update and fix the issues. If your iPhone or iPad is not compatible with iOS 18.0.1 or iPadOS 18.0.1, you don’t have to worry about these flaws.

Share This

Leave a Reply



Sign Up for weekly MERIT Security Briefing

By signing up, you agree to our Privacy Policy.