Apple has revealed a Passwords app vulnerability that lasted for months

Passwords users were exposed to potential phishing attacks for three months until an iOS 18.2 patch.

Passwords users were exposed to potential phishing attacks for three months until an iOS 18.2 patch.

Apple fixed a bug in the iOS 18.2 Passwords app that, for three months starting with the release of iOS 18, made users vulnerable to phishing attacks, according to an Apple security content update spotted by 9to5Mac.

Here’s how Apple describes the bug and its fix:

Impact: A user in a privileged network position may be able to leak sensitive informationDescription: This issue was addressed by using HTTPS when sending information over the network.

Impact: A user in a privileged network position may be able to leak sensitive information

Description: This issue was addressed by using HTTPS when sending information over the network.

As 9to5Mac writes, the Passwords app was sending unencrypted requests for the logos and icons it shows next to the sites your stored passwords are associated with. The lack of encryption meant an attacker on the same Wi-Fi network as you, like at an airport or coffee shop, could redirect your browser to a look-a-like phishing site to steal your login credentials. It was first discovered by security researchers at app developer Mysk.

In the description of the below YouTube video demonstrating the bug, Mysk writes that it first reported the vulnerability in September. Apple describes the same bug in security content updates for the Mac, iPad, and the Vision Pro, as well.

GitHub faces a fight for its survival at Microsoft

‘Fuck you, Bambu’: How one private message could change the face of 3D printing

Anker’s new earbuds have the best call quality I’ve ever heard

If I could only have one laptop for work and gaming, I’d get this one

In desperate times, graduates find hope in humiliating tech CEOs

This is the title for the native ad