{"id":25296,"date":"2024-10-07T06:10:09","date_gmt":"2024-10-07T14:10:09","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2024\/10\/07\/news-19026\/"},"modified":"2024-10-07T06:10:09","modified_gmt":"2024-10-07T14:10:09","slug":"news-19026","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2024\/10\/07\/news-19026\/","title":{"rendered":"iPhone flaw could read your saved passwords out loud. Update now!"},"content":{"rendered":"\n<p>Apple has issued <a href=\"https:\/\/support.apple.com\/en-gb\/121373\">security updates<\/a> for iOS 18.0.1 and iPadOS 18.0.1 which includes a fix for a bug that could allow a user&#8217;s saved passwords to be read aloud by its VoiceOver feature.<\/p>\n<p>VoiceOver allows users to use their iPhone or iPad even if they can&#8217;t see the screen. It gives audible descriptions of what&#8217;s on your screen\u2014for example, the battery level, who&#8217;s calling you, or what item your finger is on.<\/p>\n<p>Unfortunately, that also included an audible description of a user&#8217;s saved passwords, effectively reading aloud someone&#8217;s passwords. <\/p>\n<p>While the chance of abusing this vulnerability is relatively small\u2014the device would have to be unlocked and in the attacker\u2019s proximity to exploit it\u2014it\u2019s always better to install security updates as soon as possible. Once criminals know vulnerabilities exist they tend to go looking for unpatched vulnerable devices.<\/p>\n<p>The patch for the flaw (listed as <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2024-44207\">CVE-2024-44207<\/a>) is available for iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later.<\/p>\n<p>To check if you\u2019re using the latest software version of iOS and iPadOS, go to\u00a0<strong>Settings<\/strong>\u00a0&gt;\u00a0<strong>General<\/strong>\u00a0&gt;\u00a0<strong>Software Update<\/strong>. You want to be on iOS 18.0.1 or iPadOS 18.0.1.<\/p>\n<p>If you&#8217;re not on the latest version, you can update from this screen. It\u2019s also worth turning on Automatic Updates if you haven\u2019t already, which you can also do from this screen.<\/p>\n<figure class=\"wp-block-image aligncenter size-full\"><img decoding=\"async\" loading=\"lazy\" width=\"972\" height=\"764\" src=\"https:\/\/www.malwarebytes.com\/wp-content\/uploads\/sites\/2\/2024\/10\/Uodate_settings.png\" alt=\"Automatic update settings \" class=\"wp-image-118440\" \/><figcaption class=\"wp-element-caption\">Preferred setting for automatic updates<\/figcaption><\/figure>\n<hr class=\"wp-block-separator alignfull has-alpha-channel-opacity is-style-wide\" \/>\n<p><strong>We don\u2019t just report on phone security\u2014we provide it<\/strong><\/p>\n<p>Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by\u00a0<a href=\"https:\/\/www.malwarebytes.com\/ios\">downloading Malwarebytes for iOS<\/a>, and <a href=\"https:\/\/www.malwarebytes.com\/android\">Malwarebytes for Android<\/a> today.<\/p>\n<p><a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2024\/10\/iphone-flaw-could-read-your-saved-passwords-out-loud-update-now\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p> Apple has fixed a security issue in iOS (and iPadOS) that could have leaked a user&#8217;s passwords through the VoiceOver feature. <\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[2211,32001,10480,24749,32,10602],"class_list":["post-25296","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-apple","tag-cve-2024-44207","tag-ios","tag-ipados","tag-news","tag-passwords"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/25296","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=25296"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/25296\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=25296"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=25296"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=25296"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}