Apple Passwords App Bug Left Users Vulnerable to Phishing Attacks for Months Before Being Fixed - MacRumors
Skip to Content

Apple Passwords App Bug Left Users Vulnerable to Phishing Attacks for Months Before Being Fixed

by

Apple fixed a bug in its Passwords app with December's iOS 18.2 update that had left users vulnerable to phishing attacks in the three months since the launch of iOS 18.

Generic iOS 18 Passwords Feature
According to an Apple security update spotted by 9to5Mac, the Passwords app was sending unencrypted requests for the logos and icons associated with users' stored passwords.

Without protections of encryption, an attacker on the same Wi-Fi network could redirect a user's browser to a clone phishing site where login details could be stolen. The vulnerability was first discovered by developer Mysk's security researchers and reported in September.

Apple's iOS 18.2 security release notes described the bug like so:

Impact: A user in a privileged network position may be able to leak sensitive information

Description: This issue was addressed by using HTTPS when sending information over the network.


Apple lists the bug in security content updates for the Mac, iPad, and Vision Pro, indicating that this issue was fixed across multiple OSes.

Popular Stories

Four iPhone 18 Pro Colors Mock Feature

iPhone 18 Pro Launching Later This Year With These 10 New Features

Tuesday May 26, 2026 6:32 am PDT by
While the iPhone 18 Pro and iPhone 18 Pro Max are not launching until September, there are already plenty of rumors about the devices. It was initially reported that the iPhone 18 Pro models would have fully under-screen Face ID, with only a front camera visible in the top-left corner of the screen. However, the latest rumors indicate that only one Face ID component will be moved under the...
Read Full Article49 comments
Apple Watch Ultra 2 Black Titanium

watchOS 27 Will Add These New Features to Your Apple Watch

Sunday May 24, 2026 11:53 am PDT by
Apple will unveil watchOS 27 during its WWDC 2026 keynote on Monday, June 8, and a handful of new features have been rumored already. The first developer beta of watchOS 27 should be available immediately following the keynote, and a public beta typically follows in July. The update should be released to all users with a compatible Apple Watch model in September. Below, we recap watchOS...
Read Full Article59 comments
iPhone 15 General Feature Green

Apple Preparing 'Most Significant Overhaul in the iPhone's History'

Friday May 22, 2026 1:36 pm PDT by
Apple reportedly plans to unveil its first foldable iPhone in September this year — it may be named "iPhone Ultra" — and expectations are high. In his Power On newsletter, Bloomberg's Mark Gurman said the foldable iPhone will be "the most significant overhaul in the iPhone's history." "iPhone 4, iPhone 6 and iPhone X were clearly a big deal, but this is a whole new design," he said....
Read Full Article

Top Rated Comments

I
iBluetooth
16 months ago
This bug is so basic that Apple must be embarrassed, as they should have some of their people verify security when they make their first passwords app, which is going to be used by millions 🫢
Score: 28 Votes (Like | Disagree)
wanha Avatar
wanha
16 months ago

If this… and if that… and only if this…. There might be an opportunity to do something.

But it’s fixed now.

When someone comes up who has actually been affected then I’ll join the whingers and complain.

It’s like saying a driver could drive through a red light and cause an accident. But it didn’t happen!!! And until it does.
Did you just say that you'll only complain about people driving through red lights once they cause an accident?
Score: 13 Votes (Like | Disagree)
code-m Avatar
code-m
16 months ago
Privacy and Security 🤭
Score: 13 Votes (Like | Disagree)
MrRom92 Avatar
MrRom92
16 months ago
And through all the betas of iOS 18 nobody caught this
Score: 12 Votes (Like | Disagree)
code-m Avatar
code-m
16 months ago

This bug is so basic, that Apple must be embarrassed as they should have some of their people verify security when the make their first passwords app, that is going to be used by millions 🫢
Needs to be on the local wifi network, if you are using public wifi even at school or work the potential of being compromised would be there. If only at home no biggy unless your neighbours are creeps.
Score: 10 Votes (Like | Disagree)
Pitogyro Avatar
Pitogyro
16 months ago
There's only so many rescources they have and there was genmoji to launch.
Score: 7 Votes (Like | Disagree)
Read All Comments