CVE-2024-44204 - Logic Issue on iOS and iPadOS Allowing VoiceOver to Read Saved Passwords: Fix and Exploit Details

A recently discovered vulnerability, CVE-2024-44204, has been identified in iOS and iPadOS, affecting the accessibility features provided by Apple. The issue revolves around the way VoiceOver - an Apple screen reader used by users with visual impairments - can potentially read aloud the user's saved passwords, thereby compromising their security and privacy. This vulnerability has now been addressed, having been fixed in the iOS 18..1 and iPadOS 18..1 patch releases.

Exploit Details

Upon further analysis, Apple has disclosed that this vulnerability is a logic issue that was addressed by implementing improved validation measures. The issue allowed saved passwords, which were meant to be obscured, to be read by the VoiceOver software. This potentially exposed sensitive data to unauthorized individuals who may have had access to the device.

Although this vulnerability doesn't pose a direct risk to the operating system, it certainly presents a privacy concern for users who rely on VoiceOver.

Fix:
As per Apple's disclosure, the issue has been resolved with the release of iOS 18..1 and iPadOS 18..1. Users are strongly encouraged to update their devices to the latest version in order to protect themselves from this vulnerability.

Code Snippet

While exact details of the vulnerability are difficult to discern without access to Apple's codebase, the following code snippet illustrates the basic idea of what the logic issue may have looked like:

func getPassword(for user: String) -> String {
    let password = ... // Retrieve user's saved password
    return password
}

func voiceOverSpeak(textToSpeak: String) {
    // VoiceOver functionality for speaking provided text
}

let passwordText = getPassword(for: currentUser)
if isVoiceOverEnabled {
    voiceOverSpeak(textToSpeak: passwordText)
}

In this hypothetical example, the getPassword function retrieves the user's saved passwords on the device. If VoiceOver is enabled, it speaks the text provided, which in this case may be the password. In order to fix this issue, Apple most likely added validation checks to ensure that only non-sensitive information was spoken by VoiceOver.

Original References

Apple has provided information on the vulnerability, along with the necessary fixes in the latest security releases. The following links provide further details about CVE-2024-44204:

- Apple Security Content: https://support.apple.com/en-us/HT213093
- Common Vulnerabilities and Exposures (CVE) Information: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44204

Conclusion

iOS and iPadOS users, particularly those who rely on accessibility features such as VoiceOver, should be aware of CVE-2024-44204. The logic issue allowing VoiceOver to read saved passwords has been addressed by improved validation in iOS 18..1 and iPadOS 18..1. Users should ensure that they update their devices to the latest versions to protect their data and privacy.

Timeline

Published on: 10/04/2024 00:15:02 UTC
Last modified on: 10/04/2024 17:29:54 UTC