Apple fixes Passwords app vulnerability enabling Wi-Fi attacks

Apple’s Recent Security Flaw Raises Concerns About iPhone and Mac Safety

Remember Apple’s “Privacy. This is the iPhone” marketing campaign? The tech giant has long positioned its products as synonymous with privacy and security. However, a recent wave of vulnerabilities affecting iPhones and Macs suggests that Apple’s devices may not be as secure as advertised.

A recent security lapse highlights this issue. Safety researchers discovered that Apple’s built-in password manager app, introduced with iOS 18 in September 2024, was vulnerable to phishing attacks for nearly three months. This flaw allowed attackers on the same Wi-Fi network—say, at a café or airport—to redirect browsers to fake phishing websites and steal login credentials.

What You Need to Know

Security researchers at Mysk identified a critical oversight in Apple’s Password app: it used unencrypted HTTP connections instead of the more secure HTTPS to load website logos and icons. Weaknesses like this made it possible for hackers to intercept data and redirect users to malicious sites designed to steal sensitive information.

Related contentThe 13 best TVs we've reviewed, plus buying advice (2025)

This vulnerability remained unaddressed from iOS 18’s release in September 2024 until Apple fixed it in December 2024. During this time, users who accessed the Password app on unsecured networks were at risk. For example, clicking a “Change Password” link could have redirected users to a fake Yelp login page, allowing attackers to capture their credentials. Since the app didn’t enforce HTTPS, users might not have noticed the switch, leaving their data exposed.

Apple Has Now Addressed the Issue

Following Mysk’s disclosure in September 2024, Apple released iOS 18.2 in December to patch the vulnerability. The update now enforces HTTPS for all network communications within the Password app, preventing similar attacks.

If you’re using an iPhone or iPad with the Password app, ensure your device is updated to iOS 18.2 or later. If you used the app on public Wi-Fi between September and December 2024, consider changing passwords for any accounts accessed during that period as an extra precaution.

How to Update Your iPhone

Updating your device is simple:

  1. Open Settings
  2. Tap General
  3. Select Software Update
  4. Download and install any available updates

6 Ways to Protect Yourself from Password-Focused Hackers

Related contentFor just $70, the Google Audio Bluetooth speaker brings smart home features to your home

Recent events emphasize the importance of safeguarding your digital identity. Here’s how to stay secure:

  1. Use a Reliable Password Manager: While Apple’s Password app is convenient, third-party password managers often offer stronger security. Explore trusted options to store your credentials.

  2. 【oaicite:3】​Enable Two-Factor Authentication (2FA)** Adds an extra layer of security beyond passwords. Opt for authenticator apps like Google Authenticator or hardware security keys instead of SMS-based codes.

  3. Avoid Public Wi-Fi for Sensitive Activities: Hackers can intercept data on unsecured networks. If you must use public Wi-Fi, connect through a reputable VPN to encrypt your traffic.

  4. Related contentAnswering all your frequently asked questions about sleep

    Install Strong Antivirus Software: Protect your devices from malware and phishing attempts. Reliable antivirus software can alert you to suspicious links and prevent data breaches.

  5. Keep Your Devices Updated: Regularly install software updates to patch security vulnerabilities and stay protected.

  6. Monitor Your Accounts for Suspicious Activity: Regularly check your accounts for unusual logins or transactions and take immediate action if anything seems amiss.

Kurt’s Key Takeaway

A three-month delay in addressing a critical password manager flaw is unacceptable, especially for a company that prides itself on privacy and security. This incident underscores the reality that even Apple’s built-in tools can expose users to significant risks. While the fix eventually arrived, the prolonged exposure highlights the need for more rigorous security testing before releases.

Do you think Apple is doing enough to stay ahead of cyber threats, or should the company take additional steps to protect its users? Share your thoughts at Tech Word News.com/contact.

For more tech tips and security alerts, subscribe to Kurt’s Tech Word News Report newsletter at Tech Word News.com/newsletter.

Stay Protected and Informed: Sign up for safety updates and expert tech advice from Tech Word News Kurt.

Copyright 2025 Tech Word News.com. All rights reserved.

Similar Posts