In addition to a handful of notable bug fixes and performance improvements, today’s iOS 18.0.1 and iPadOS 18.0.1 updates also include a pair of important security fixes. Apple says that the updates include a fix for microphone access on the iPhone 16 as well as a fix for access to the Passwords app across all supported iPhone and iPad models.
First, Apple says that iOS 18.0.1 fixes a bug where audio messages in the Messages app could have recorded “a few seconds of audio” before the green microphone indicator was active in the Dynamic Island and Control Center. This bug only specifically impacted the iPhone 16, iPhone 16 Plus, iPhone 16 Pro, and iPhone 16 Pro Max.
Apple further explains:
lockquote class=”wp-block-quote is-layout-flow wp-block-quote-is-layout-flow”>
Media Session
Available for: iPhone 16 (all models)
Impact: Audio messages in Messages may be able to capture a few seconds of audio before the microphone indicator is activated
Description: This issue was addressed with improved checks.
CVE-2024-44207: Michael Jimenez and an anonymous researcher
lockquote>
Second, Apple says that iOS 18.0.1 and iPadOS 18.0.1 address a security issue where the VoiceOver feature could have read a user’s saved passwords aloud.
Apple explains:
lockquote class=”wp-block-quote is-layout-flow wp-block-quote-is-layout-flow”>
Passwords
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: A user’s saved passwords may be read aloud by VoiceOver
Description: A logic issue was addressed with improved validation.
CVE-2024-44204: Bistrit Dahal
lockquote>
iOS 18.0.1 and iPadOS 18.0.1 are rolling out now. They can be installed by going to the Settings app, choosing General, then choosing Software updates. New software updates are also available for the Mac, Vision Pro, and Apple Watch, but Apple says these updates do not have any published CVE entries.
FTC: We use income earning auto affiliate links. More.
