Apple Passwords App Bug Left Users Vulnerable to Phishing Attacks for Months Before Being Fixed
Apple fixed a bug in its Passwords app with December's iOS 18.2 update that had left users vulnerable to phishing attacks in the three months since the launch of iOS 18.
According to an Apple security update spotted by 9to5Mac, the Passwords app was sending unencrypted requests for the logos and icons associated with users' stored passwords.
Without protections of encryption, an attacker on the same Wi-Fi network could redirect a user's browser to a clone phishing site where login details could be stolen. The vulnerability was first discovered by developer Mysk's security researchers and reported in September.
Apple's iOS 18.2 security release notes described the bug like so:
Impact: A user in a privileged network position may be able to leak sensitive information
Description: This issue was addressed by using HTTPS when sending information over the network.
Apple lists the bug in security content updates for the Mac, iPad, and Vision Pro, indicating that this issue was fixed across multiple OSes.
Popular Stories
Apple today announced a "special Apple Experience" in New York, London, and Shanghai, taking place on March 4, 2026 at 9:00am ET.
Apple invited select members of the media to the event in three major cities around the world. It is simply described as a "special Apple Experience," and there is no further information about what it may entail. The invitation features a 3D Apple logo design...
Apple is looking for a "breakthrough" with its push into wearable AI devices, including an "AirTag-sized pendant," according to Bloomberg's Mark Gurman.
In a report this week, he said the pendant is reminiscent of the failed Humane AI Pin, but it would be an iPhone accessory rather than a standalone product.
The pendant would feature an "always-on" camera and a microphone for Siri voice...
Back at WWDC 2025, Apple revealed that it was planning to allow CarPlay users to watch video via AirPlay in their vehicles while they are not driving, and the first beta of iOS 26.4 suggests the feature may be nearing availability.
There are several new references to CarPlay video streaming functionality within the iOS 26.4 beta's source code. The feature is not yet visible to users, but...
New trade-in data indicates that Apple's iPhone 17 Pro Max has rapidly become the single most traded-in smartphone.
According to a new report from SellCell, Apple's latest flagship iPhone has quickly risen to the top of the independent trade-in market, accounting for 11.5% of all devices appearing in the top-20 trade-in rankings just months after release. The analysis is based on SellCell...
Apple on Monday invited selected journalists and content creators to a "special Apple Experience" on Wednesday, March 4 in New York, London, and Shanghai.
At an Apple Experience, attendees are typically given the opportunity to try out Apple's latest hardware or software. Following the launch of Apple Creator Studio last month, for example, some content creators attended an Apple Experience...
