{"id":469,"date":"2025-03-19T14:55:27","date_gmt":"2025-03-19T14:55:27","guid":{"rendered":"https:\/\/www.techrepublic.com\/?p=4298447"},"modified":"2025-03-19T14:55:27","modified_gmt":"2025-03-19T14:55:27","slug":"apple-passwords-app-vulnerability-exposed-users-for-months","status":"publish","type":"post","link":"https:\/\/blog.tecnoartesanos.com\/index.php\/2025\/03\/19\/apple-passwords-app-vulnerability-exposed-users-for-months\/","title":{"rendered":"Apple Passwords App Vulnerability Exposed Users for Months"},"content":{"rendered":"
<\/div>\n

Apple\u2019s Passwords app, designed to enhance security for iOS users, ironically left them vulnerable to phishing attacks for nearly three months. Security researchers recently revealed that the flaw exposed sensitive information, raising concerns about cybersecurity risks \u2014 even with trusted software.<\/p>\n

<\/span>The vulnerability explained<\/span><\/h2>\n

Researchers at Mysk identified the flaw, which stemmed from the app\u2019s use of unencrypted HTTP connections<\/a> when retrieving website icons and opening password reset pages. This security lapse allowed attackers to intercept data and redirect users to malicious phishing sites.<\/p>\n

>Mysk\u2019s team discovered that the Passwords app contacted over 130 websites using unprotected HTTP traffic. This made it possible for hackers on the same Wi-Fi network \u2014 such as in cafes, airports, or hotels \u2014 to manipulate the requests and trick users into visiting fraudulent websites designed to steal login credentials.<\/p>\n

<\/span>Apple\u2019s response and fix<\/span><\/h2>\n

Upon discovering the vulnerability in September 2024, Mysk promptly reported the issue to Apple. The tech giant addressed the flaw with the iOS 18.2 update<\/a>, released in December 2024. This update implemented encrypted HTTPS connections for improved security.<\/p>\n

However, Apple only publicly disclosed the vulnerability in March 2025, emphasizing the importance of timely updates and robust cybersecurity measures.<\/p>\n