CVE-2024-44204 – This vulnerability allows VoiceOver, Apple's sc... (How to Fix)

Q: What is the severity of CVE-2024-44204?

CVE-2024-44204 has a CVSS score of 5.5 (MEDIUM). This vulnerability allows VoiceOver, Apple's screen reader accessibility feature, to audibly read saved passwords from the keychain on unpatched iOS/iPadOS devices. It affects users who have saved passwords in their device's keychain and use VoiceOver functionality. The issue requires physical access or screen sharing to exploit.

📋 TL;DR

This vulnerability allows VoiceOver, Apple's screen reader accessibility feature, to audibly read saved passwords from the keychain on unpatched iOS/iPadOS devices. It affects users who have saved passwords in their device's keychain and use VoiceOver functionality. The issue requires physical access or screen sharing to exploit.

💻 Affected Systems

Products:

iPhone
iPad

Versions: iOS/iPadOS versions before 18.0.1

Operating Systems: iOS, iPadOS

Default Config Vulnerable: ⚠️ Yes

Notes: Requires VoiceOver to be enabled and saved passwords in keychain. Physical access or screen sharing needed for exploitation.

📦 What is this software?

Ipados by Apple

View all CVEs affecting Ipados →

Iphone Os by Apple

View all CVEs affecting Iphone Os →

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker with physical access or screen sharing capability could have VoiceOver read sensitive passwords aloud, potentially compromising accounts protected by those credentials.

🟠

Likely Case

Accidental exposure when VoiceOver is enabled during password viewing, or targeted exploitation by someone with brief physical access to the device.

🟢

If Mitigated

Minimal impact if device is kept secure, VoiceOver is disabled when not needed, and strong authentication protects device access.

🌐 Internet-Facing: LOW - Requires physical access or screen sharing, not remotely exploitable.

🏢 Internal Only: MEDIUM - Insider threat or physical access scenarios could lead to credential exposure.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires physical device access or screen sharing capability. Simple to execute once access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: iOS 18.0.1, iPadOS 18.0.1

Vendor Advisory: https://support.apple.com/en-us/121373

Restart Required: Yes

Instructions:

1. Open Settings app. 2. Go to General > Software Update. 3. Download and install iOS/iPadOS 18.0.1. 4. Device will restart automatically.

🔧 Temporary Workarounds

Disable VoiceOver

all

Turn off VoiceOver accessibility feature when not actively using it

Settings > Accessibility > VoiceOver > Toggle OFF

Use Guided Access

all

Enable Guided Access to restrict device to single app and disable VoiceOver

Settings > Accessibility > Guided Access > Toggle ON

🧯 If You Can't Patch

Disable VoiceOver accessibility feature when not in use
Implement strict physical security controls for devices

🔍 How to Verify

Check if Vulnerable:

Check iOS/iPadOS version in Settings > General > About > Software Version. If version is below 18.0.1, device is vulnerable.

Check Version:

Settings > General > About > Software Version

Verify Fix Applied:

Confirm iOS/iPadOS version is 18.0.1 or later in Settings > General > About > Software Version.

📡 Detection & Monitoring

Log Indicators:

VoiceOver activation logs
Accessibility service usage patterns

Network Indicators:

None - local exploitation only

SIEM Query:

device.os.version < "18.0.1" AND device.type IN ("iphone", "ipad")

📊 Metadata

CVE ID: CVE-2024-44204

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Published: October 4, 2024

Last Updated: November 3, 2025

🔗 References

https://support.apple.com/en-us/121373 Release Notes,Vendor Advisory
http://seclists.org/fulldisclosure/2024/Oct/1

📤 Share & Export

📄 Export Markdown 📋 Export JSON