Audio-based iOS, iPadOS flaws addressed by Apple - #CVE-2024-44204
Apple has released crucial updates to mitigate two distinct audio-based vulnerabilities in iOS and iPadOS. The more critical flaw, CVE-2024-44204, was a logic issue that permitted the VoiceOver feature to read out credentials from the Passwords app. Users are urged to upgrade to iOS 18.0.1 and iPadOS 18.0.1 on supported devices such as the iPhone XS and later models, alongside various iPad models. The second flaw, CVE-2024-44207, was specific to the iPhone 16 and pertained to incorrect audio representation in iMessage audio messages. Severity scores for these vulnerabilities are currently unavailable, likely due to backlogs at the National Vulnerability Database.