Wednesday, 19 March, 2025

Apple's Passwords App Vulnerability Exposed Users to Phishing Attacks for Months

A vulnerability in Apple's Passwords app, introduced with iOS 18, left users susceptible to phishing attacks for nearly three months. The app sent unencrypted HTTP requests for website icons associated with stored passwords, allowing attackers on the same network to intercept and redirect these requests to malicious sites. Apple addressed this issue in the iOS 18.2 update by implementing HTTPS for secure data transmission.