Apple fixes Passwords app vulnerability to prevent phishing

Apple has recently addressed a significant security flaw in its Passwords app. This issue lasted for nearly three months and left users vulnerable to phishing attacks. Tech expert Kurt Knutsson revealed that the flaw affected the app from its launch with iOS 18 in September 2024 until it was fixed in December 2024. The problem stemmed from the app using unencrypted HTTP connections instead of the more secure HTTPS. This weakness allowed attackers on the same public Wi-Fi network, like those in coffee shops or airports, to intercept requests and redirect users to fake login pages. As a result, users were at risk of having their login credentials stolen. Apple patched this issue in the iOS 18.2 update, which enforced the use of HTTPS for all app communications. Users are urged to update their devices to ensure they are protected from this vulnerability. If you accessed accounts on the Passwords app while using public Wi-Fi during the flawed period, it is wise to change those passwords. Kurt Knutsson also advises users to take additional security measures. These include using reliable password managers, enabling two-factor authentication, avoiding public Wi-Fi for sensitive activities, and regularly monitoring accounts for suspicious activity. Keeping devices updated and installing antivirus software can also help protect against cyber threats. This incident highlights the need for Apple to improve its security testing, especially for apps that are integral to user privacy and security. It serves as a reminder that even well-known brands can have vulnerabilities that expose users to risks.