Apple has issued security updates for iOS 18.0.1 and iPadOS 18.0.1 which includes a fix for a bug that could allow a user’s saved passwords to be read aloud by its VoiceOver feature.
VoiceOver allows users to use their iPhone or iPad even if they can’t see the screen. It gives audible descriptions of what’s on your screen—for example, the battery level, who’s calling you, or what item your finger is on.
Unfortunately, that also included an audible description of a user’s saved passwords, effectively reading aloud someone’s passwords.
While the chance of abusing this vulnerability is relatively small—the device would have to be unlocked and in the attacker’s proximity to exploit it—it’s always better to install security updates as soon as possible. Once criminals know vulnerabilities exist they tend to go looking for unpatched vulnerable devices.
The patch for the flaw (listed as CVE-2024-44207) is available for iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later.
To check if you’re using the latest software version of iOS and iPadOS, go to Settings > General > Software Update. You want to be on iOS 18.0.1 or iPadOS 18.0.1.
If you’re not on the latest version, you can update from this screen. It’s also worth turning on Automatic Updates if you haven’t already, which you can also do from this screen.
We don’t just report on phone security—we provide it
Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.