Apple Passwords App Bug Left Users Vulnerable to Phishing Attacks for Months Before Being Fixed

Apple fixed a bug successful its Passwords app with December's iOS 18.2 update that had near users susceptible to phishing attacks successful the 3 months since the motorboat of iOS 18.


According to an Apple information update spotted by 9to5Mac, the Passwords app was sending unencrypted requests for the logos and icons associated with users' stored passwords.

Without protections of encryption, an attacker connected the aforesaid Wi-Fi web could redirect a user's browser to a clone phishing tract wherever login details could beryllium stolen. The vulnerability was archetypal discovered by developer Mysk's information researchers and reported successful September.

Apple's iOS 18.2 information merchandise notes described the bug similar so:
Impact: A idiosyncratic successful a privileged web presumption whitethorn beryllium capable to leak delicate information

Description: This contented was addressed by utilizing HTTPS erstwhile sending accusation implicit the network.
Apple lists the bug successful information contented updates for the Mac, iPad, and Vision Pro, indicating that this contented was fixed crossed aggregate OSes.
This article, "Apple Passwords App Bug Left Users Vulnerable to Phishing Attacks for Months Before Being Fixed" archetypal appeared connected MacRumors.com

Discuss this article successful our forums