Gaming
No Comments
Apple has

Apple has revealed a Passwords app vulnerability that lasted for months

Introduction

Apple fixed a bug in the iOS 18.2 Passwords app that, for three months starting with the release of iOS 18, made users vulnerable to phishing attacks, according to an Apple security content update spotted by 9to5Mac.
Here’s how Apple describes the bug and its fix: 

Impact: A user in a privileged network position may be able to leak sensitive information
Description: This issue was addressed by using HTTPS when sending information over the network.

As 9to5Mac writes, the Passwords app was sending unencrypted requests for the logos and icons it shows next to the sites your stored passwords are associated with. The lack of encryption meant an attacker on the same Wi-Fi network as you, like at an airport or coffee shop, could redirect your browser to a look-a-like phishing site to steal your login credentials. It was first discovered by security researchers at app developer Mysk.
In the description of the below YouTube video demonstrating the bug, Mysk writes that it first reported the vulnerability in September. Apple describes the same bug in security content updates for the Mac, iPad, and the Vision Pro, as well.

Key Insights

  • What is Apple has?

    Apple fixed a bug in the iOS 18.2 Passwords app that, for three months starting with the release of iOS 18, made users vulnerable to phishing attacks, according to an Apple security content update spotted by 9to5Mac.
    Here’s how Apple describes the bug and its fix: 

    Impact: A user in a privileged network position may be able to leak sensitive information
    Description: This issue was addressed by using HTTPS when sending information over the network.

    As 9to5Mac writes, the Passwords app was sending unencrypted requests for the logos and icons it shows next to the sites your stored passwords are associated with. The lack of encryption meant an attacker on the same Wi-Fi network as you, like at an airport or coffee shop, could redirect your browser to a look-a-like phishing site to steal your login credentials. It was first discovered by security researchers at app developer Mysk.
    In the description of the below YouTube video demonstrating the bug, Mysk writes that it first reported the vulnerability in September. Apple describes the same bug in security content updates for the Mac, iPad, and the Vision Pro, as well.

  • Why is Apple has important?

    Apple fixed a bug in the iOS 18.2 Passwords app that, for three months starting with the release of iOS 18, made users vulnerable to phishing attacks, according to an Apple security content update spotted by 9to5Mac.
    Here’s how Apple describes the bug and its fix: 

    Impact: A user in a privileged network position may be able to leak sensitive information
    Description: This issue was addressed by using HTTPS when sending information over the network.

    As 9to5Mac writes, the Passwords app was sending unencrypted requests for the logos and icons it shows next to the sites your stored passwords are associated with. The lack of encryption meant an attacker on the same Wi-Fi network as you, like at an airport or coffee shop, could redirect your browser to a look-a-like phishing site to steal your login credentials. It was first discovered by security researchers at app developer Mysk.
    In the description of the below YouTube video demonstrating the bug, Mysk writes that it first reported the vulnerability in September. Apple describes the same bug in security content updates for the Mac, iPad, and the Vision Pro, as well.

Pros and Cons

  • Pros:

    Apple fixed a bug in the iOS 18.2 Passwords app that, for three months starting with the release of iOS 18, made users vulnerable to phishing attacks, according to an Apple security content update spotted by 9to5Mac.
    Here’s how Apple describes the bug and its fix: 

    Impact: A user in a privileged network position may be able to leak sensitive information
    Description: This issue was addressed by using HTTPS when sending information over the network.

    As 9to5Mac writes, the Passwords app was sending unencrypted requests for the logos and icons it shows next to the sites your stored passwords are associated with. The lack of encryption meant an attacker on the same Wi-Fi network as you, like at an airport or coffee shop, could redirect your browser to a look-a-like phishing site to steal your login credentials. It was first discovered by security researchers at app developer Mysk.
    In the description of the below YouTube video demonstrating the bug, Mysk writes that it first reported the vulnerability in September. Apple describes the same bug in security content updates for the Mac, iPad, and the Vision Pro, as well.

  • Cons:

    Apple fixed a bug in the iOS 18.2 Passwords app that, for three months starting with the release of iOS 18, made users vulnerable to phishing attacks, according to an Apple security content update spotted by 9to5Mac.
    Here’s how Apple describes the bug and its fix: 

    Impact: A user in a privileged network position may be able to leak sensitive information
    Description: This issue was addressed by using HTTPS when sending information over the network.

    As 9to5Mac writes, the Passwords app was sending unencrypted requests for the logos and icons it shows next to the sites your stored passwords are associated with. The lack of encryption meant an attacker on the same Wi-Fi network as you, like at an airport or coffee shop, could redirect your browser to a look-a-like phishing site to steal your login credentials. It was first discovered by security researchers at app developer Mysk.
    In the description of the below YouTube video demonstrating the bug, Mysk writes that it first reported the vulnerability in September. Apple describes the same bug in security content updates for the Mac, iPad, and the Vision Pro, as well.

Conclusion

Apple fixed a bug in the iOS 18.2 Passwords app that, for three months starting with the release of iOS 18, made users vulnerable to phishing attacks, according to an Apple security content update spotted by 9to5Mac.
Here’s how Apple describes the bug and its fix: 

Impact: A user in a privileged network position may be able to leak sensitive information
Description: This issue was addressed by using HTTPS when sending information over the network.

As 9to5Mac writes, the Passwords app was sending unencrypted requests for the logos and icons it shows next to the sites your stored passwords are associated with. The lack of encryption meant an attacker on the same Wi-Fi network as you, like at an airport or coffee shop, could redirect your browser to a look-a-like phishing site to steal your login credentials. It was first discovered by security researchers at app developer Mysk.
In the description of the below YouTube video demonstrating the bug, Mysk writes that it first reported the vulnerability in September. Apple describes the same bug in security content updates for the Mac, iPad, and the Vision Pro, as well.

Learn More

Explore more about Apple has on Wikipedia.

Leave a Reply

Your email address will not be published. Required fields are marked *