Apple iOS 18.0.1 and iPadOS 18.0.1 fix media session and passwords bugs

Apple released iOS 18.0.1 update that addressed two vulnerabilities that exposed passwords and audio snippets to attackers.

Apple released iOS 18.0.1 and iPadOS 18.0.1 updates to fix two vulnerabilities, respectively tracked as CVE-2024-44207 and CVE-2024-44204.

The company addressed the vulnerability by improving checks. The flaw was reported by Michael Jimenez and an anonymous researcher.

The vulnerability CVE-2024-44207 may allow threat actors to capture short snippets of audio messages in Messages before the microphone indicator is activated. 

The vulnerability CVE-2024-44204 is a logic issue that could potentially enable VoiceOver to read aloud users’ saved passwords. The issue was addressed with improved validation, it was reported by the researcher Bistrit Dahal.

Apple is not aware of attack in the wild exploiting the above vulnerabilities.

Pierluigi Paganini

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

(SecurityAffairs – hacking, iOS)