Apple Released a dedicated passwords app last year, as part of the iOS 18 software update. Intead of a menu inside the settings app, users can access their passwords and other details via a standalone app. However, the passwords app had a serial security flw that exposed users to potential phishing attacks from attackers who were on the same wi-file. The company recently disclosed that its security flw three months after os 18 was released.
Apple Fixed Passwords App Vulnerability with iOS 18.2 Update
The iPhone maker recently amened its release notes (via 9to5Mac) for the iOS 18.2 update, which was released in December. The Document Now Includes Two Entries, Both Titled ‘Passwords’, that describe fixes for the app. Apple has credited Mysk Security Researchers Talal Haj Bakry and Tommy Mysk With Identifying The Security Vulnerability.
According to the company’s updated support document, the first path for the passwords app Network traffic.
The Mysk Researchers Discovered that Apple’s Passwords App Wasn’T Using Encrypted Connections (https) when fetching details of specific sites, wash as site icons. Similarly, password reset pages were loaded over http.
The same flw would be allowed an attacker on the same wi-fi network to intercept the network request, and direct the device to load a Phishing website institute in the Legitimate One. If the user trusts the webpage, they might enter their credentials on the fraudulent website.
The cybersecurity firm reported the issue to apple in September, and apple’s revised support documents reviews that it rolled out fixes for the issue with iOS 18.2 in. Eligible iPhone and iPad Models that are running on iOS 18.2 and iPados 18.2 or newer versions should not be vulnerable to the flw.
