Apple Addresses Major Security Flaw in iOS 18.2 Passwords App After Months of Vulnerability

Apple has fixed a security problem in the iOS 18 Passwords app that kept users vulnerable to phishing attacks for three months. The problem, first discovered by security experts at Mysk, was highlighted in Apple's security update and published by 9to5Mac.  

The bug enabled attackers on the same Wi-Fi network, such as in public areas like airports or cafes, to redirect users to fake phishing websites.This happened because the Passwords app made unencrypted requests for website icons and logos. Without encryption, hackers could catch these queries and confuse users into entering their login credentials on a false site.  

In iOS 18.2, Apple solved the issue by requiring that all data sent over the network be encrypted using HTTPS.This remedy stops attackers from exploiting the vulnerability, making user data more secure.  

The same security weakness was also detected in macOS, iPadOS, and Vision Pro. Apple has released updates for all of these systems to address the loophole. If you use the Passwords app, updating to iOS 18.2 and the most recent versions of Apple's other software is critical for improved security.

This article is based on information from The Verge