Apple fastened a bug within the iOS 18.2 Passwords app that, for 3 months beginning with the discharge of iOS 18, made customers weak to phishing assaults, in accordance with an Apple security content update noticed by 9to5Mac.
Right here’s how Apple describes the bug and its repair:
Impression: A person in a privileged community place could possibly leak delicate info
Description: This difficulty was addressed through the use of HTTPS when sending info over the community.
As 9to5Mac writes, the Passwords app was sending unencrypted requests for the logos and icons it exhibits subsequent to the websites your saved passwords are related to. The dearth of encryption meant an attacker on the identical Wi-Fi community as you, like at an airport or espresso store, might redirect your browser to a look-a-like phishing website to steal your login credentials. It was first found by safety researchers at app developer Mysk.
Within the description of the beneath YouTube video demonstrating the bug, Mysk writes that it first reported the vulnerability in September. Apple describes the identical bug in safety content material updates for the Mac, iPad, and the Vision Pro, as nicely.