Apple fixes Passwords app vulnerability enabling Wi-Fi attacks
Apple’s “Privacy. That’s iPhone” marketing campaigns have long been a cornerstone of the company’s image. However, recent security vulnerabilities affecting iPhones and Macs have raised questions about the actual security of Apple’s products. A recent security blunder involving Apple’s built-in password manager app, Passwords, has only added fuel to the fire.
Security researchers at Mysk discovered a significant security flaw in Apple’s Passwords app, which was introduced with iOS 18 in September 2024. The app used unencrypted HTTP connections instead of the more secure HTTPS to fetch logos and icons displayed alongside stored passwords. This left users vulnerable to phishing attacks for nearly three months, as attackers on the same network could intercept these requests and potentially redirect users to phishing sites.
The issue persisted from the app’s launch in September 2024 until Apple finally addressed it in December 2024 with the iOS 18.2 update. The update enforced HTTPS for all network communications within the Passwords app, making it much harder for attackers to exploit the vulnerability.
To protect your iPhone or iPad from such security risks, make sure your device is updated to iOS 18.2 or later. If you used the Passwords app on public Wi-Fi between September and December 2024, consider changing passwords for any accounts accessed during that period as an extra precaution.
In addition to updating your software, here are some other ways to stay safe from hackers targeting your passwords:
1. Use a reliable password manager.
2. Enable two-factor authentication (2FA).
3. Avoid public Wi-Fi for sensitive activities and use a VPN.
4. Beware of phishing attacks and install strong antivirus software.
5. Keep your devices updated.
6. Regularly monitor all your accounts for suspicious activity.
While Apple eventually fixed the security flaw in the Passwords app, the incident serves as a reminder that even trusted companies can fall victim to vulnerabilities. If Apple wants to maintain its reputation as a leader in privacy and security, it must prioritize rigorous security testing and swift responses to potential threats.
Do you believe Apple is doing enough to combat cyber threats, or do you think the company should take additional steps to protect its users? Share your thoughts with us at Cyberguy.com/Contact. Stay informed with more tech tips and security alerts by subscribing to the free CyberGuy Report Newsletter at Cyberguy.com/Newsletter.
As technology continues to evolve, it’s essential to stay vigilant and proactive in safeguarding your digital identity. By following best practices and staying informed about potential risks, you can better protect yourself from cyber threats and maintain the security of your devices and personal information.
