CVE-2024-44204
Description
A logic issue in iOS and iPadOS allows VoiceOver to read saved passwords aloud; fixed in iOS 18.0.1 and iPadOS 18.0.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A logic issue in iOS and iPadOS allows VoiceOver to read saved passwords aloud; fixed in iOS 18.0.1 and iPadOS 18.0.1.
Vulnerability
A logic issue in the VoiceOver accessibility feature on iOS and iPadOS allows saved passwords to be read aloud. The issue exists in versions prior to iOS 18.0.1 and iPadOS 18.0.1. [1]
Exploitation
An attacker with physical access to an unlocked device running an affected version can enable VoiceOver (e.g., via Settings or a shortcut) and navigate to a password field where saved credentials are available. VoiceOver then announces the password audibly. No network access or authentication bypass is required.
Impact
An attacker can hear saved passwords, leading to credential disclosure. This may enable account compromise for the associated service.
Mitigation
The issue is fixed in iOS 18.0.1 and iPadOS 18.0.1, released October 3, 2024. Users should update their devices. No workaround is available other than disabling VoiceOver, which may not be practical for accessibility-dependent users.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3- Range: <18.0.1
- Range: <18.0.1
- Range: 0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.