PT-2024-31037 · Apple · Voiceover+3
Bistrit Dahal
·
Published
2024-10-03
·
Updated
2024-11-23
·
CVE-2024-44204
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
iOS versions prior to 18.0.1
iPadOS versions prior to 18.0.1
Description
A logic issue was addressed with improved validation, allowing a user's saved passwords to be read aloud by VoiceOver. This issue is related to the VoiceOver feature in iOS and iPadOS, which could expose passwords. The flaw was reported by a researcher and has been resolved with improved validation. iPhone XS and later, plus iPads from the Pro, Air, and Mini series, are impacted.
Recommendations
Update to iOS 18.0.1 to fix the issue.
Update to iPadOS 18.0.1 to fix the issue.
As a temporary workaround, consider disabling the VoiceOver feature until a patch is available.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Voiceover
Ios
Ipados
Iphone Xs