Do you remember Apple’s “Privacy. That’s iPhone” marketing campaigns? If you’re not aware, the company likes to portray its products as being synonymous with privacy. However, the recent wave of security vulnerabilities affecting iPhones and Macs suggest Apple’s products may not be as secure as advertised.
A recent security blunder only reinforces this point. Security researchers discovered that Apple’s built-in password manager app, Passwords, was vulnerable to phishing attacks for nearly three months after launch. This meant an attacker on the same Wi-Fi network as you, like at an airport or coffee shop, could redirect your browser to a lookalike phishing site to steal your login credentials.
A person holding an iPhone (Kurt “CyberGuy” Knutsson)
What you need to know
Security researchers at Mysk, noticed that Apple’s Passwords app, introduced with iOS 18 in September 2024, had a significant security flaw that left users vulnerable to phishing attacks for nearly three months.
The app used unencrypted HTTP connections instead of the more secure HTTPS to fetch logos and icons displayed alongside stored passwords. This allowed attackers on the same network, such as public Wi-Fi at a coffee shop or airport, to intercept these requests and potentially redirect users to phishing sites designed to steal login credentials.
The issue remained unresolved from iOS 18’s launch in September 2024 until Apple fixed it in December 2024, leaving users exposed for nearly three months. If someone opened the Passwords app and tapped a link, like “Change Password,” while connected to an insecure network, an attacker could intercept the request and redirect them to a fraudulent site mimicking a legitimate one, such as a fake Yelp login page. Since the app did not enforce HTTPS, users might not notice the switch, putting their sensitive information at risk.
A woman on her iPhone (Kurt “CyberGuy” Knutsson)
HOW TO PROTECT AN IPHONE & IPAD FROM MALWARE IN 2025
Apple has fixed the issue now
Apple addressed the problem after security researchers from Mysk reported it in September 2024. The iOS 18.2 update, released in December, patched the vulnerability by enforcing HTTPS for all network communications within the Passwords app, making it much harder for attackers to intercept or redirect traffic.
If you’re using an iPhone or iPad with the Passwords app,…
Click Here to Read the Full Original Article at FOX News : Tech…