Apple Passwords App Bug Left Users Vulnerable to Phishing Attacks for Months Before Being Fixed

by

Apple fixed a bug in its Passwords app with December's iOS 18.2 update that had left users vulnerable to phishing attacks in the three months since the launch of iOS 18.

Generic iOS 18 Passwords Feature
According to an Apple security update spotted by 9to5Mac, the Passwords app was sending unencrypted requests for the logos and icons associated with users' stored passwords.

Without protections of encryption, an attacker on the same Wi-Fi network could redirect a user's browser to a clone phishing site where login details could be stolen. The vulnerability was first discovered by developer Mysk's security researchers and reported in September.

Apple's iOS 18.2 security release notes described the bug like so:

Impact: A user in a privileged network position may be able to leak sensitive information

Description: This issue was addressed by using HTTPS when sending information over the network.


Apple lists the bug in security content updates for the Mac, iPad, and Vision Pro, indicating that this issue was fixed across multiple OSes.

Popular Stories

maxresdefault

Where's the New Apple TV?

Monday December 22, 2025 11:30 am PST by
Apple hasn't updated the Apple TV 4K since 2022, and 2025 was supposed to be the year that we got a refresh. There were rumors suggesting Apple would release the new Apple TV before the end of 2025, but it looks like that's not going to happen now. Subscribe to the MacRumors YouTube channel for more videos. Bloomberg's Mark Gurman said several times across 2024 and 2025 that Apple would...
Read Full Article185 comments
iPhone Top Left Hole Punch Face ID Feature Purple

iPhone 18 Pro Launching Next Year With These 12 New Features

Tuesday December 23, 2025 8:36 am PST by
While the iPhone 18 Pro and iPhone 18 Pro Max are not expected to launch for another nine months, there are already plenty of rumors about the devices. Below, we have recapped 12 features rumored for the iPhone 18 Pro models. The same overall design is expected, with 6.3-inch and 6.9-inch display sizes, and a "plateau" housing three rear cameras Under-screen Face ID Front camera in...
Read Full Article100 comments
maxresdefault

Hands-On With a Rough iPhone Fold Mockup

Monday December 29, 2025 10:55 am PST by
Apple is rumored to be introducing a foldable iPhone in September 2026, and since it will bring the biggest form factor change since the iPhone was introduced in 2007, curiosity about the design is high. A 3D designer created an iPhone Fold design based on rumors, and we printed it out to see how it compares to Apple's current iPhones. Subscribe to the MacRumors YouTube channel for more ...
Read Full Article125 comments
apple intelligence black

Report: Apple's AI Strategy Could Finally Pay Off in 2026

Tuesday December 30, 2025 9:01 am PST by
Apple's restrained artificial intelligence strategy may pay off in 2026 amid the arrival of a revamped Siri and concerns around the AI market "bubble" bursting, The Information argues. The speculative report notes that Apple has taken a restrained approach with AI innovations compared with peers such as OpenAI, Google, and Meta, which are investing hundreds of billions of dollars in data...
Read Full Article132 comments
apple fitness 2026 1

Apple Teases 'Something Big' Coming Soon to Apple Fitness+

Tuesday December 30, 2025 2:11 pm PST by
The Apple Fitness+ Instagram account today teased that the service has "big plans" for 2026. In a video, several Apple Fitness+ trainers are shown holding up newspapers with headlines related to Apple Fitness+. What's Apple Fitness+ Planning for the New Year? Something Big is Coming to Apple Fitness+ The Countdown Begins. Apple Fitness+ 2026 is Almost Here 2026 Plans Still Under ...
Read Full Article52 comments
iOS 26

iOS 26.2 Adds These 8 New Features to Your iPhone

Monday December 22, 2025 8:47 am PST by
Earlier this month, Apple released iOS 26.2, following more than a month of beta testing. It is a big update, with many new features and changes for iPhones. iOS 26.2 adds a Liquid Glass slider for the Lock Screen's clock, offline lyrics in Apple Music, and more. Below, we have highlighted a total of eight new features. Liquid Glass Slider on Lock Screen A new slider in the Lock...
Read Full Article
airpods color prototypes

Apple Tested AirPods in Bright Colors

Saturday December 27, 2025 6:06 am PST by
Apple reportedly tested a version of the first-generation AirPods with bright, iPhone 5c-like colored charging cases. The images, shared by the Apple leaker and prototype collector known as "Kosutami," claim to show first-generation AirPods prototypes with pink and yellow exterior casings. The interior of the charging case and the earbuds themselves remain white. They seem close to some...
Read Full Article83 comments
tesla red orange bg feature

Tesla Could Be Planning to Support Apple Car Keys

Sunday December 28, 2025 4:24 am PST by
Support for Apple Car Keys may now be more likely to come to Tesla vehicles, amid new evidence that the automaker is embracing native, system-level digital car keys. According to Not a Tesla App, 4.52.0 of Tesla's mobile app contains multiple code references to Harmony Wallet Key Cards. The discovery is notable because it represents a shift in how Tesla appears to be approaching mobile...
Read Full Article167 comments

Top Rated Comments

iBluetooth Avatar
iBluetooth
10 months ago
This bug is so basic that Apple must be embarrassed, as they should have some of their people verify security when they make their first passwords app, which is going to be used by millions ?
Score: 28 Votes (Like | Disagree)
code-m Avatar
code-m
10 months ago
Privacy and Security ?
Score: 13 Votes (Like | Disagree)
wanha Avatar
wanha
10 months ago

If this… and if that… and only if this…. There might be an opportunity to do something.

But it’s fixed now.

When someone comes up who has actually been affected then I’ll join the whingers and complain.

It’s like saying a driver could drive through a red light and cause an accident. But it didn’t happen!!! And until it does.
Did you just say that you'll only complain about people driving through red lights once they cause an accident?
Score: 13 Votes (Like | Disagree)
MrRom92 Avatar
MrRom92
10 months ago
And through all the betas of iOS 18 nobody caught this
Score: 12 Votes (Like | Disagree)
code-m Avatar
code-m
10 months ago

This bug is so basic, that Apple must be embarrassed as they should have some of their people verify security when the make their first passwords app, that is going to be used by millions ?
Needs to be on the local wifi network, if you are using public wifi even at school or work the potential of being compromised would be there. If only at home no biggy unless your neighbours are creeps.
Score: 10 Votes (Like | Disagree)
code-m Avatar
code-m
10 months ago

And through all the betas of iOS 18 nobody caught this
What’s surprising is the lack of HTTPS?

For this to work one must have knowledge of the vulnerability then create a fake website and hope the conditions are correct to exploit. Is it possible; yes, is it probable; no
Score: 7 Votes (Like | Disagree)
Read All Comments