Apple fixes embarrassing security bug that could have read your passwords out loud

News
By published

A new update was released for iOS 18 and iPadOS 18

The Apple logo is seen with the iOS 18 operating system logo in the background on a mobile device
(Image credit: Photo by Jaap Arriens/NurPhoto via Getty Images)

Apple has released a new security update for iOS 18.0.1 and iPadOS 18.0.1 addressing the way accessibility features handle stored passwords, following speculation details could have been accidentally leaked.

The company rarely shares details about security updates it releases, and this time is no exception - so there is much about the vulnerability and the patch we don’t know.

However it is thought the issue might reveal a user's saved passwords in a slightly embarassing way - by reading them out loud.

VoiceOver and Passwords

Entering the domain of speculation, there are two things to keep in mind. Apple has an accessibility feature called VoiceOver. This is a screen reader, built into different Apple products (macOS, tvOS, and more), which the users can bring up to “speak” to the device and have the output spoken back to them. The other important thing here is that with iOS 18 and iPadOS 18, the company introduced a native password manager, which it named the Passwords app.

Therefore, the bug could be in either of these two apps, but since Apple did not share the details, it is impossible to know.

Here is what we do know, though: The vulnerability is tracked as CVE-2024-44204 and at press time, still did not have a severity score. It is described as a “logic issue” that was fixed with improved validation. It affects these devices:

iPhone XS and later
iPad Pro 13-inch
iPad Pro 12.9-inch third generation and later
iPad Pro 11-inch first generation and later
iPad Air third generation and later
iPad seventh generation and later
iPad mini fifth generation and later

The security community has long considered passwords as an extremely weak way of protecting digital valuables, mostly because users tend to keep the ones provided with the factory settings, or create weak ones that are easily cracked. Instead, they advise setting up passphrases, biometrics, or multi-factor authentication (MFA).

Via The Register

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
A man holds a smartphone iPhone screen showing various social media apps including YouTube, TikTok, Facebook, Threads, Instagram and X
A worrying Apple Password App vulnerability reportedly left users exposed for months
An iPhone with a 10:30am alarm ringing next to an Apple Watch that displays the time as 12:42pm
Apple warns "extremely sophisticated attack" hits iPhones and iPads, so update now
Apple Siri
Update your Apple device now: iOS 18.3.2 fixes a flaw that could be exploited by hackers
An option to add Ambient Music buttons to the iOS 18.4 Control Center.
Apple fixes dangerous zero-day used in attacks against iPhones and iPads
Apple's new "Share Item Location" feature for AirTags.
Apple security alert - zero-day patched, so update your devices now
Apple iPhone 16 Review
iOS 18.3 is here with a major change to how you enable Apple Intelligence
Latest in Security
Isometric demonstrating multi-factor authentication using a mobile device.
NCSC gets influencers to sing the praises of 2FA
Sam Altman and OpenAI
OpenAI is upping its bug bounty rewards as security worries rise
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Dangerous new CoffeeLoader malware executes on your GPU to get past security tools
China
Notorious Chinese hackers FamousSparrow allegedly target US financial firms
A digital representation of a lock
NYU website defaced as hacker leaks info on a million students
NHS
NHS IT supplier hit with major fine following ransomware attack
Latest in News
Google Pixel Watch 3 side dial and button
Google Gemini reportedly spotted on Wear OS – could a rollout be close at hand?
Nintendo Switch 2 Joy-Con up-close from app store
Nintendo's new app gave us another look at the Switch 2, and there's something different with the Joy-Con
cheap Nintendo Switch game deals sales
Nintendo didn't anticipate that Mario Kart 8 Deluxe was 'going to be the juggernaut' for the Nintendo Switch when it was ported to the console, according to former employees
Toni Collette in Hereditary
Everything leaving Netflix in April 2025 – from the scariest movie ever made to a beloved DreamWorks animation with 99% on Rotten Tomatoes
Three angles of the Apple MacBook Air 15-inch M4 laptop above a desk
Apple MacBook Air 15-inch (M4) review roundup – should you buy Apple's new lightweight laptop?
Witchbrook
Witchbrook, the life-sim I've been waiting years for, finally has a release window and it's sooner than you think
More about security
Sam Altman and OpenAI

OpenAI is upping its bug bounty rewards as security worries rise
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.

Dangerous new CoffeeLoader malware executes on your GPU to get past security tools
Google Pixel Watch 3 side dial and button

Google Gemini reportedly spotted on Wear OS – could a rollout be close at hand?
See more latest
Most Popular
Google Pixel Watch 3 side dial and button
Google Gemini reportedly spotted on Wear OS – could a rollout be close at hand?
XGIMI Portable Outdoor Screen
This cheap new outdoor projector screen looks like a smart companion for portable projectors – get 70 inches of entertainment anywhere
Toni Collette in Hereditary
Everything leaving Netflix in April 2025 – from the scariest movie ever made to a beloved DreamWorks animation with 99% on Rotten Tomatoes
Close up of Leica M11-P viewfinder
I wince at the prospect of the rumored Leica M11-V – here's why
Nintendo Switch 2 Joy-Con up-close from app store
Nintendo's new app gave us another look at the Switch 2, and there's something different with the Joy-Con
HP ZBook Ultra G1a
HP's ridiculously fast Ryzen AI Max+ Pro 395 laptop with 128GB RAM goes on sale everywhere in the US, but it won't be cheap
A mobile phone showing the Signal logo in front of a screen showing the app
Signalgate explained: what is Signal, and how secure is the messaging app?
Asus Ascent GX10 Rear
Asus's more affordable version of Nvidia's uber-popular Project Digits snapped at GTC 2025
iPhone 13 mini
The iPhone mini won't be returning, according to rumors – and you think that's a mistake
Sam Altman and OpenAI
OpenAI is upping its bug bounty rewards as security worries rise