Apple fixes long-standing security flaw in iOS Passwords app

A security flaw in Apple's iOS Passwords app could have put iPhone users at risk for years. The issue allowed potential phishing attacks due to sensitive information being sent over an insecure network. Apple confirmed the bug has been fixed by switching to HTTPS for safer data transmission. The problem was highlighted by security researchers at Mysk, who reported it back in September 2024. They pointed out that the Passwords app had used insecure HTTP since its introduction in iOS 14 in 2020. Mysk noted that this flaw means iPhone users were vulnerable to phishing attacks for a long time. However, the risk of being affected is considered low. The issue also prompted security updates for other Apple devices like the Mac and iPad. Mysk released a video showing how the Passwords app could open links insecurely, making it easier for attackers to intercept data on shared networks, such as those in coffee shops or airports. There was no immediate response from Apple regarding the situation. A security analyst, Georgia Cooke, called the issue a significant fault for Apple. She emphasized that while the vulnerability needs specific conditions to be exploited, it highlights the importance of security protocols. Users are urged to keep their devices updated and to take precautions on public networks, including using virtual private networks and avoiding sensitive transactions.