Apple has fixed a serious vulnerability in the Passwords app for iOS that existed for three months after the release of iOS 18. This was reported by 9to5Mac.
The problem was that the app sent unencrypted requests for logos and icons associated with saved passwords. This posed a risk to users who were on the same Wi-Fi network as attackers, such as in cafes or airports. Attackers could redirect browsers to phishing sites to steal credentials.
The vulnerability was discovered by researchers at Mysk, who reported it back in September. Apple fixed the issue in iOS 18.2, using HTTPS to secure data transmission. Similar updates have been released for macOS, iPadOS, and Vision Pro.
This situation highlights the importance of timely software updates to protect users' privacy. Apple encourages all users to install the latest versions of their operating systems.