iOS and iPadOS Update Fixes Logic Issue, Addresses Saved Passwords Being Read Aloud by VoiceOver

CVE-2024-44204

5.5MEDIUM

Key Information

Vendor
Apple
Status
iPhone OS
iPad OS
Vendor
CVE Published:
4 October 2024

Badges

πŸ‘Ύ Exploit ExistsπŸ“° News Worthy

Summary

A logic issue was addressed with improved validation. This issue is fixed in iOS 18.0.1 and iPadOS 18.0.1. A user's saved passwords may be read aloud by VoiceOver.

News Articles

favicon imageNicolas Coolman

Apple, 2 Critical Security Flaws in iOS and iPadOS Products - ZAM

Apple Security Bulletin 121373, released on October 3, 2024, provides information on fixes for multiple critical vulnerabilities in versions prior to

3 months ago

favicon image

iPhone 'VoiceOver' Feature Could Read Passwords Aloud

CVE-2024-44204 is one of two new Apple iOS security vulnerabilities that showcase an unexpected coming together of privacy snafus and accessibility features.

3 months ago

References

https://support.apple.com/en-us/121373

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • πŸ‘Ύ

    Exploit known to exist

  • πŸ“°

    First article discovered

  • Vulnerability published

Collectors

NVD Database2 News Article(s)
.