Mario Bautista
If you have any Apple devices running iOS 18, you’d better go make sure they have the latest security updates. That’s because Apple has just released fixes for some major flaws, including a bug that could apparently allow an attacker to make your device read your stored password aloud through the VoiceOver accessibility feature.
That bug, known most officially as CVE-2024-44204, seems to come down to a logic problem in Apple’s new Passwords app, and it affects seemingly any iPhone and iPad running the latest version of the fruit company’s mobile operating system. Apple credits security researcher Bistrit Dahal with finding and reporting the issue.
This update also patches another security vulnerability, discovered by Michael Jiminez and “an anonymous researcher”, where the iPhone 16 might begin capturing a few seconds of audio before the microphone indicator is activated. This could be used by bad actors to quietly record audio from your device without your knowledge, although they would of course already have to have remote access on your device. It’s more likely than you think.
Per Apple, these updates are available for the iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later. Basically anything that can run iOS 18. Your phone has probably already downloaded the update for you, so just make sure there are no available updates by going to Settings -> General -> Software Update.
