Just when the whole world is going gaga over the latest launch of iPhone 16 Pro, a piece of news stunned every Apple enthusiast. The voiceover feature of iPhone and iPad could read out passwords aloud, thereby raising serious privacy concerns. Although Apple has now patched the two bugs, Apple users are feeling a bit concerned about data safety.
The main issue was Apple’s VoiceOver accessibility feature, which could have led to your iPhones and iPads reading out your sensitive passwords aloud in front of others. Also, there was another issue in the new iPhone models, where the user’s audio was being recorded for the first couple of seconds without their knowledge.
Apple was quick to come up with updated operating systems for both iPadOS and iOS. The ultimate goal of this update was to fix the bug as soon as possible, thereby ensuring the safety of iPhone and iPad users. They have been advised to update their devices to avoid any kind of cyberattacks or inconveniences.
Experts, such as Michael Covington from Jamf, believe that these vulnerabilities are in no way a hint towards cyber threats. Rather, both issues are related to user data safety. He also said that the issues were really small in stature and could never lead to remote cyberattacks. However, he has urged businesses that actively use iPhones and iPads for business operations to download the updates as soon as possible in order to avoid any kind of privacy concerns.
If you are wondering whether or not you are using the latest software version of iOS and iPadOS, here’s how you can check easily. Simply go to Settings> General> Software Update. This will help you update your device and steer clear of any kind of privacy issues.
Data safety concerns because of vulnerabilities
The first major issue involved the VoiceOver accessibility feature, which provides active support to visually impaired users in the form of audible descriptions for different elements present on the device screen, such as who is calling you, the battery level of your device, and other elements like buttons, texts, images, and so on.
The VoiceOver feature also enables users to navigate their devices using voice commands. However, there should be a limitation to things that are read aloud, such as passwords. Back in September, Apple came up with an innovative app called ‘Passwords.’ The purpose was to help users store and manage their passwords conveniently on their devices only. The VoiceOver accessibility feature could read such passwords aloud.
This vulnerability does not pose a serious threat to users as the device needs to be unlocked when an attacker is in proximity. However, installing security updates as soon as possible is a smart move, as threat actors always stay on their toes to find unpatched vulnerable devices.
The bug impacted all the iPhone and iPad models that have been launched since 2018.
However, here’s the good news. The VoiceOver accessibility feature stays off by default. So, Apple expects only a very small proportion of affected iPhone users.
The most shocking part about this entire user safety issue is that this is not the first time that iPhone users have been vulnerable. Earlier also, screen reader technology was put to misuse by installed apps to access details as well as exfiltrate data from iPhones. However, experts believe that extensive privacy and security testing lowers the number of such incidents by manifolds.
Another issue that invades users’ privacy is the slightly early recording of audio messages without the users’ awareness and permission. So there is this feature that enables iPhone users to send their messages in the form of audio. When a user clicks on the plus sign at the left of the message box and selects the ‘Audio’ option, the iPhone indicates that the recording has started. You will get to see a red, highlighted soundwave in place of the message box you generally use to type messages. There will also be a small orange dot at the top of your screen.
However, a security researcher discovered a shocking detail: audio messages started recording even before users were made aware of the recording. The bug affects all the latest iPhone 16 models.
Though it may seem insignificant, experts believe that threat actors can exploit the mismatch between device functionality and visual indicators to a significant extent, particularly in the realm of phishing protection. Apple has not shared any further details regarding these bugs. Additionally, it’s worth noting that neither of these vulnerabilities received a CVSS rating.
Apple has garnered praise and appreciation from experts because of its prompt remedial measures.
So, if you are also an iPhone or iPad user, keep your devices updated and stay vigilant about news around such topics.