Apple Patches Two iOS Bugs: VoiceOver Reads Passwords Aloud, Audio Messages Start Recording Early
Apple has released patches for two iOS bugs that could have compromised user privacy. The first issue involved VoiceOver, an accessibility feature that reads screen elements aloud, potentially announcing stored passwords. The second bug allowed audio messages to start recording before users were aware, capturing a few seconds of audio.
Bug #1: VoiceOver Reads Passwords Aloud
VoiceOver, a feature for visually impaired users, could have read out passwords stored in Apple’s new “Passwords” app due to a logic error. This affected all iPhone and iPad models since 2018. The bug, CVE-2024-44204, was fixed in iOS and iPadOS 18.0.1. While VoiceOver is off by default, users who enabled it could have been affected.
Bug #2: Audio Messages Start Recording Early
The second bug, CVE-2024-44207, affected all new iPhone 16 models. When recording an audio message in iMessage, the device could have captured a few seconds of audio before indicating the microphone was active. This issue, which could aid attackers, was also fixed in iOS 18.0.1.
Impact and Recommendations
Neither bug is a remote exploit, but they could have compromised user privacy. Michael Covington of Jamf recommends updating devices as soon as possible. He notes that accessibility features are typically well-tested for security and privacy.
Conclusion
Apple has addressed these issues, but users should still be aware of the potential for privacy risks with accessibility features and audio recording. Staying up-to-date with software updates is crucial for maintaining device security.
(Citation: Dark Reading, “iPhone Voiceover Feature Read Passwords Aloud, Audio Messages Started Recording Early,” October 4, 2024, by Nate Nelson)
