Who:
Affected users: iPhone and iPad users, particularly those using models such as iPhone XS and later, iPad Pro, iPad Air, iPad mini, and specific iPhone 16 models.
Discovered by: Security researchers Bistrit Daha, Michael Jimenez, and an anonymous researcher.
What:
Incident: Apple released iOS and iPadOS updates to fix two critical vulnerabilities. One, tracked as CVE-2024-44204, allowed saved passwords to be read aloud via VoiceOver. The second, CVE-2024-44207, enabled iPhone 16 models to capture audio before the microphone indicator turned on.
Devices impacted: Various iPhone and iPad models, including iPhone XS and iPhone 16 models, and newer iPads.
Impact:
Potential Risk: User passwords could have been exposed through VoiceOver, and unauthorized audio recordings could occur before users were alerted.
Fix: Apple resolved the issues by improving validation and adding enhanced checks. Users are urged to update to iOS 18.0.1 and iPadOS 18.0.1 to protect their devices.
Read the full article HERE