Apple Passwords App Bug Left Users Vulnerable to Phishing Attacks for Months Before Being Fixed - MacRumors
Skip to Content

Apple Passwords App Bug Left Users Vulnerable to Phishing Attacks for Months Before Being Fixed

by

Apple fixed a bug in its Passwords app with December's iOS 18.2 update that had left users vulnerable to phishing attacks in the three months since the launch of iOS 18.

Generic iOS 18 Passwords Feature
According to an Apple security update spotted by 9to5Mac, the Passwords app was sending unencrypted requests for the logos and icons associated with users' stored passwords.

Without protections of encryption, an attacker on the same Wi-Fi network could redirect a user's browser to a clone phishing site where login details could be stolen. The vulnerability was first discovered by developer Mysk's security researchers and reported in September.

Apple's iOS 18.2 security release notes described the bug like so:

Impact: A user in a privileged network position may be able to leak sensitive information

Description: This issue was addressed by using HTTPS when sending information over the network.


Apple lists the bug in security content updates for the Mac, iPad, and Vision Pro, indicating that this issue was fixed across multiple OSes.

Popular Stories

Apple Card iPhone 16 Pro Feature

Apple Card Promo to Offer Free AirPods Pro 3

Friday May 15, 2026 8:59 am PDT by
Starting as early as next week, customers who sign up for an Apple Card at Apple's retail stores in the U.S. will receive $249 cash back when they purchase AirPods Pro 3, according to Bloomberg's Mark Gurman. The promotion has yet to be officially announced by Apple, so exact terms and conditions are not available at this time. AirPods Pro 3 are priced at $249 in the U.S., so customers who...
Read Full Article40 comments
Apple WWDC25 iOS 26 CarPlay Light mode 250609

Six Popular iPhone Apps Now Available on CarPlay

Thursday May 14, 2026 9:10 am PDT by
Apple's CarPlay system for accessing iPhone apps on a vehicle's dashboard screen has received six popular apps in recent weeks: ChatGPT, Perplexity, Grok, Google Meet, WhatsApp, and the indie artist streaming platform Audiomack. Make sure you have the latest version of each app and they will automatically appear on CarPlay. ChatGPT Starting with iOS 26.4, CarPlay supports voice-based...
Read Full Article29 comments
ipad mini 7 blue

OLED iPad Mini: Release Date, Pricing, and What to Expect

Thursday May 14, 2026 5:08 am PDT by
According to the latest rumors, Apple is close to launching its next-generation iPad mini. So what should we expect from the successor to the iPad mini 7 that Apple released over a year ago? Read on to find out. Processor and Performance Apple is working on a next-generation version of the iPad mini (codename J510/J511) that features the A19 Pro chip, according to information found in code...
Read Full Article87 comments

Top Rated Comments

I
iBluetooth
15 months ago
This bug is so basic that Apple must be embarrassed, as they should have some of their people verify security when they make their first passwords app, which is going to be used by millions 🫢
Score: 28 Votes (Like | Disagree)
wanha Avatar
wanha
15 months ago

If this… and if that… and only if this…. There might be an opportunity to do something.

But it’s fixed now.

When someone comes up who has actually been affected then I’ll join the whingers and complain.

It’s like saying a driver could drive through a red light and cause an accident. But it didn’t happen!!! And until it does.
Did you just say that you'll only complain about people driving through red lights once they cause an accident?
Score: 13 Votes (Like | Disagree)
code-m Avatar
code-m
15 months ago
Privacy and Security 🤭
Score: 13 Votes (Like | Disagree)
MrRom92 Avatar
MrRom92
15 months ago
And through all the betas of iOS 18 nobody caught this
Score: 12 Votes (Like | Disagree)
code-m Avatar
code-m
15 months ago

This bug is so basic, that Apple must be embarrassed as they should have some of their people verify security when the make their first passwords app, that is going to be used by millions 🫢
Needs to be on the local wifi network, if you are using public wifi even at school or work the potential of being compromised would be there. If only at home no biggy unless your neighbours are creeps.
Score: 10 Votes (Like | Disagree)
Pitogyro Avatar
Pitogyro
15 months ago
There's only so many rescources they have and there was genmoji to launch.
Score: 7 Votes (Like | Disagree)
Read All Comments