1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Apple fixes embarrassing security bug that could have read your p

    From TechnologyDaily@1337:1/100 to All on Mon Oct 7 14:30:04 2024
    Apple fixes embarrassing security bug that could have read your passwords out loud

    Date:
    Mon, 07 Oct 2024 13:27:55 +0000

    Description:
    A new update was released for iOS 18 and iPadOS 18, fixing a
    passwords-related bug.

    FULL STORY ======================================================================

    Apple has released a new security update for iOS 18.0.1 and iPadOS 18.0.1 addressing the way accessibility features handle stored passwords, following speculation details could have been accidentally leaked.

    The company rarely shares details about security updates it releases, and
    this time is no exception - so there is much about the vulnerability and the patch we dont know.

    However it is thought the issue might reveal a user's saved passwords in a slightly embarassing way - by reading them out loud. VoiceOver and Passwords

    Entering the domain of speculation, there are two things to keep in mind. Apple has an accessibility feature called VoiceOver. This is a screen reader, built into different Apple products (macOS, tvOS, and more), which the users can bring up to speak to the device and have the output spoken back to them. The other important thing here is that with iOS 18 and iPadOS 18, the company introduced a native password manager , which it named the Passwords app.

    Therefore, the bug could be in either of these two apps, but since Apple did not share the details, it is impossible to know.

    Here is what we do know, though: The vulnerability is tracked as CVE-2024-44204 and at press time, still did not have a severity score. It is described as a logic issue that was fixed with improved validation. It
    affects these devices:

    iPhone XS and later
    iPad Pro 13-inch
    iPad Pro 12.9-inch third generation and later
    iPad Pro 11-inch first generation and later
    iPad Air third generation and later
    iPad seventh generation and later
    iPad mini fifth generation and later

    The security community has long considered passwords as an extremely weak way of protecting digital valuables, mostly because users tend to keep the ones provided with the factory settings, or create weak ones that are easily cracked. Instead, they advise setting up passphrases, biometrics, or multi-factor authentication (MFA).

    Via The Register More from TechRadar Pro Watch out - those browser updates could be a fake spreading malware Here's a list of the best firewalls today These are the best endpoint protection tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/apple-fixes-embarrassing-security-bug-t hat-could-have-read-your-passwords-out-loud


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)