Apple Passwords was open to targeted phishing attacks, before patch
From iOS 18 when the Passwords app debuted to the iOS 18.2 update, users could have exposed passwords to a bad actor on a privileged network, but you’re likely safe.
Apple released iOS 18 in September 2024 with the new Passwords app, but it relied on the less secure HTTP protocol, not HTTPS, when opening links or fetching icons. This meant a bad actor on a privileged network could intercept the HTTP request and redirect users to a fake website and harvest the login.
Security research company Mysk uncovered this issue and reported it to Apple in September, and the Passwords app was patched in December with iOS 18.2. That means the vulnerability was live in the wild for those three months and continued to be for anyone running a release prior to iOS 18.2.
Continue Reading on AppleInsider | Discuss on our Forums
Source: AppleInsider News
Recent Posts
NASA Astronaut Don Pettit Uses His Camera for Science in Space
NASA astronaut Don Pettit, known for his incredible astrophotography, sense of humor, and clever camera…
WhatsApp now lets users create their own sticker packs
WhatsApp this week released a major update that adds a new way to create and…
Ben Affleck Has a New Batman Complaint: Wearing the Batsuit Sucked
The actor has long since moved on, but he'll forever be asked about his DC…
LEGO Easter Sale Drops Deals Too Sweet to Miss, Hurry This Won’t Last Long
Dozens of awesome building kits for all ages are marked down from now through April…
This Reminders feature is a lifesaver when my task list grows too long
Apple’s Reminders app has become a powerful task manager in recent years, and there’s one…
Trump Weaponizes Bureaucratic Review to Stop Offshore Wind Project
What happened to cutting red tape?