CVE-2023-32359
HIGHiPadOS < 16.7.2 - Unprotected User Password Exposure via VoiceOver
Title source: llmDescription
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2. A user's password may be read aloud by VoiceOver.
References (4)
Core 4
Core References
Mailing List, Third Party Advisory
http://seclists.org/fulldisclosure/2023/Oct/23
Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/11/15/1
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213981
Third Party Advisory
https://security.gentoo.org/glsa/202401-33
Scores
CVSS v3
7.5
EPSS
0.0010
EPSS Percentile
27.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
Status
published
Products (2)
apple/ipados
< 16.7.2
apple/iphone_os
< 16.7.2
Published
Oct 25, 2023
Tracked Since
Feb 18, 2026