Apple mounted a bug within the iOS 18.2 Passwords app that, for 3 months beginning with the discharge of iOS 18, made customers susceptible to phishing assaults, based on an Apple security content update noticed by 9to5Mac.
Right here’s how Apple describes the bug and its repair:
Impression: A consumer in a privileged community place could possibly leak delicate info
Description: This problem was addressed through the use of HTTPS when sending info over the community.
As 9to5Mac writes, the Passwords app was sending unencrypted requests for the logos and icons it reveals subsequent to the websites your saved passwords are related to. The dearth of encryption meant an attacker on the identical Wi-Fi community as you, like at an airport or espresso store, may redirect your browser to a look-a-like phishing web site to steal your login credentials. It was first found by safety researchers at app developer Mysk.
Within the description of the under YouTube video demonstrating the bug, Mysk writes that it first reported the vulnerability in September. Apple describes the identical bug in safety content material updates for the Mac, iPad, and the Vision Pro, as nicely.