Apple fixes embarrassing security bug that could have read your passwords out loud

A new update was released for iOS 18 and iPadOS 18

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Applehas released a new security update foriOS 18.0.1and iPadOS 18.0.1 addressing the way accessibility features handle stored passwords, following speculation details could have been accidentally leaked.

The company rarely shares details about security updates it releases, and this time is no exception - so there is much about the vulnerability and the patch we don’t know.

However it is thought the issue might reveal a user’s saved passwords in a slightly embarassing way - by reading them out loud.

VoiceOver and Passwords

Entering the domain of speculation, there are two things to keep in mind. Apple has an accessibility feature called VoiceOver. This is a screen reader, built into different Apple products (macOS, tvOS, and more), which the users can bring up to “speak” to the device and have the output spoken back to them. The other important thing here is that with iOS 18 and iPadOS 18, the company introduced a nativepassword manager, which it named the Passwords app.

Therefore, the bug could be in either of these two apps, but since Apple did not share the details, it is impossible to know.

Here is what we do know, though: The vulnerability is tracked as CVE-2024-44204 and at press time, still did not have a severity score. It is described as a “logic issue” that was fixed with improved validation. It affects these devices:

iPhone XS and lateriPad Pro 13-inchiPad Pro 12.9-inch third generation and lateriPad Pro 11-inch first generation and lateriPad Air third generation and lateriPad seventh generation and lateriPad mini fifth generation and later

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

The security community has long considered passwords as an extremely weak way of protecting digital valuables, mostly because users tend to keep the ones provided with the factory settings, or create weak ones that are easily cracked. Instead, they advise setting up passphrases, biometrics, or multi-factor authentication (MFA).

ViaThe Register

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Scammers are using fake copyright infringement claims to hack businesses

HPE reveals critical security bug affecting networking access points

From Dishonored to Mafia: Definitive Edition, some of my favorite games are free right now for Amazon Prime members