Apple Releases Urgent iOS 18 Patch To Fix Major Password Vulnerability
That bug, known most officially as CVE-2024-44204, seems to come down to a logic problem in Apple's new Passwords app, and it affects seemingly any iPhone and iPad running the latest version of the fruit company's mobile operating system. Apple credits security researcher Bistrit Dahal with finding and reporting the issue.
Fixing the problem was apparently pretty easy: perform additional validation of commands being sent either by the Passwords app or to the VoiceOver feature. It's not quite as bad as it sounds as the attacker does have to get their hands on your phone first, but it could make a serious security situation (a stolen phone) much worse as the attacker would be easily able to access your accounts stored on your phone.
This update also patches another security vulnerability, discovered by Michael Jiminez and "an anonymous researcher", where the iPhone 16 might begin capturing a few seconds of audio before the microphone indicator is activated. This could be used by bad actors to quietly record audio from your device without your knowledge, although they would of course already have to have remote access on your device. It's more likely than you think.
Per Apple, these updates are available for the iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later. Basically anything that can run iOS 18. Your phone has probably already downloaded the update for you, so just make sure there are no available updates by going to Settings -> General -> Software Update.
