Apple Passwords App Bug Left Users Vulnerable to Phishing Attacks for Months Before Being Fixed

by

Apple fixed a bug in its Passwords app with December's iOS 18.2 update that had left users vulnerable to phishing attacks in the three months since the launch of iOS 18.

Generic iOS 18 Passwords Feature
According to an Apple security update spotted by 9to5Mac, the Passwords app was sending unencrypted requests for the logos and icons associated with users' stored passwords.

Without protections of encryption, an attacker on the same Wi-Fi network could redirect a user's browser to a clone phishing site where login details could be stolen. The vulnerability was first discovered by developer Mysk's security researchers and reported in September.

Apple's iOS 18.2 security release notes described the bug like so:

Impact: A user in a privileged network position may be able to leak sensitive information

Description: This issue was addressed by using HTTPS when sending information over the network.


Apple lists the bug in security content updates for the Mac, iPad, and Vision Pro, indicating that this issue was fixed across multiple OSes.

Popular Stories

iOS 26 on iPhone Feature

Here's When iOS 26 Rolls Out Today in Every Time Zone [Update: Out Now!]

Monday September 15, 2025 12:00 am PDT by
Update 10:06 a.m.: iOS 26 is rolling out now, though it may take a bit for all users to see it, so keep checking! Today's the day! Apple is about to release iOS 26, which will deliver the biggest redesign since iOS 7 and bring a range of new features and improvements to iPhones worldwide. It's Apple's biggest software update of the year, and Apple announced at last week's iPhone event that...
Read Full Article93 comments
Tim Cook Rainbow

Apple Reportedly Plans to Launch These 10 Products in 'Coming Months'

Sunday September 14, 2025 8:45 am PDT by
Apple's annual September event is now in the rearview mirror, with the iPhone 17, iPhone 17 Pro, iPhone 17 Pro Max, iPhone Air, Apple Watch Series 11, Apple Watch Ultra 3, Apple Watch SE 3, and AirPods Pro 3 set to launch this Friday, September 19. As always, there is more to come. In his Power On newsletter today, Bloomberg's Mark Gurman said Apple plans to release many products in the...
Read Full Article74 comments
apple n1 chip

Apple's New N1 Chip in iPhone 17, iPhone 17 Pro, and iPhone Air Has a Wi-Fi 7 Limitation

Saturday September 13, 2025 10:01 am PDT by
The latest iPhone 17, iPhone 17 Pro, iPhone 17 Pro Max, and iPhone Air models are equipped with Apple's all-new N1 chip for Wi-Fi 7, Bluetooth 6, and Thread connectivity. However, the chip has a Wi-Fi 7 bandwidth limitation. According to FCC documents reviewed by MacRumors, the N1 chip in all of the new iPhone models supports up to 160 MHz channel bandwidth for Wi-Fi 7, short of the...
Read Full Article100 comments
iPhone 17 Pro Colors

Didn't Pre-Order a New iPhone Yet? Here's How Long the Wait is Now

Friday September 12, 2025 6:11 am PDT by
iPhone 17, iPhone 17 Pro, iPhone 17 Pro Max, and iPhone Air pre-orders began at 5 a.m. Pacific Time in the U.S. and many other countries today. If you have yet to place a pre-order, you might face a longer wait now, depending on your desired configuration. As of shortly after 6 a.m. Pacific Time today, nearly all iPhone 17 Pro Max configurations on Apple's online store in the U.S. are facing ...
Read Full Article297 comments
airpods translate

AirPods Live Translation Blocked for EU Users With EU Apple Accounts

Thursday September 11, 2025 4:01 am PDT by
Apple's new Live Translation feature for AirPods will be off-limits to millions of European users when it arrives next week, with strict EU regulations likely holding back its rollout. Apple says on its feature availability webpage that "Apple Intelligence: Live Translation with AirPods" won't be available if both the user is physically in the EU and their Apple Account region is in the EU....
Read Full Article242 comments
iphone 17 lineup

iPhone 17 Models Launch on September 19 With These New Features

Friday September 12, 2025 7:58 am PDT by
Apple will launch its new iPhone 17 lineup and ultra-thin iPhone Air in stores on Friday, September 19, and the company has already shown off the new devices at its fall event, which ran with the the tagline "Awe dropping." The iPhone 17 series brings a host of new features and enhancements. Here's a rundown of the biggest upgrades and changes: iPhone 17 Display Changes The iPhone...
Read Full Article17 comments
iphone air all colors

iPhone Air and iPhone 17 Pro Now Facing Extended Delivery Estimates

Saturday September 13, 2025 11:43 am PDT by
iPhone 17, iPhone 17 Pro, iPhone 17 Pro Max, and iPhone Air pre-orders began on Friday in the U.S. and many other countries. iPhone 17 Pro Max delivery estimates quickly slipped beyond the Friday, September 19 launch day for those who had yet to place an order, and now the rest of the new models have started to follow suit. As of shortly after 11:30 a.m. Pacific Time today, select iPhone 17, ...
Read Full Article90 comments
iPhone 17 Pro Colors

iPhone 17 and iPhone 17 Pro Models Are eSIM-Only in These Countries

Tuesday September 9, 2025 12:23 pm PDT by
Apple continues to phase out the physical SIM card tray on iPhones, with the latest models relying solely on eSIM technology in more countries. The new iPhone 17, iPhone 17 Pro, and iPhone 17 Pro Max support eSIMs only in these countries and regions, according to Apple: Bahrain Canada Guam Japan Kuwait Mexico Oman Qatar Saudi Arabia United Arab Emirates Un...
Read Full Article78 comments
iOS 26 Battery Glass Feature

Apple Says Installing iOS 26 Might Impact Battery Life

Monday September 15, 2025 10:56 am PDT by
In the iOS 26 release notes, Apple is warning iPhone users that installing the new software might have a temporary impact on battery life, which is normal. A new support document explains that major iOS updates require background setup like indexing data and files for search, downloading new assets, and updating apps. Further, Apple says that new features could require more resources,...
Read Full Article86 comments

Top Rated Comments

iBluetooth Avatar
iBluetooth
26 weeks ago
This bug is so basic that Apple must be embarrassed, as they should have some of their people verify security when they make their first passwords app, which is going to be used by millions ?
Score: 28 Votes (Like | Disagree)
code-m Avatar
code-m
26 weeks ago
Privacy and Security ?
Score: 13 Votes (Like | Disagree)
wanha Avatar
wanha
26 weeks ago

If this… and if that… and only if this…. There might be an opportunity to do something.

But it’s fixed now.

When someone comes up who has actually been affected then I’ll join the whingers and complain.

It’s like saying a driver could drive through a red light and cause an accident. But it didn’t happen!!! And until it does.
Did you just say that you'll only complain about people driving through red lights once they cause an accident?
Score: 13 Votes (Like | Disagree)
MrRom92 Avatar
MrRom92
26 weeks ago
And through all the betas of iOS 18 nobody caught this
Score: 12 Votes (Like | Disagree)
code-m Avatar
code-m
26 weeks ago

This bug is so basic, that Apple must be embarrassed as they should have some of their people verify security when the make their first passwords app, that is going to be used by millions ?
Needs to be on the local wifi network, if you are using public wifi even at school or work the potential of being compromised would be there. If only at home no biggy unless your neighbours are creeps.
Score: 10 Votes (Like | Disagree)
code-m Avatar
code-m
26 weeks ago

And through all the betas of iOS 18 nobody caught this
What’s surprising is the lack of HTTPS?

For this to work one must have knowledge of the vulnerability then create a fake website and hope the conditions are correct to exploit. Is it possible; yes, is it probable; no
Score: 7 Votes (Like | Disagree)
Read All Comments