
Apple's Passwords app contained a critical security weakness that exposed users to phishing attacks. The vulnerability was present in iOS 18.1, and Apple fixed it with the release of iOS 18.2. Apple's updated note confirmed that unencrypted Wi-Fi connections exposed users to on-network attackers who could steal sensitive information, including passwords. The flaw went unidentified at Apple from September 2024 until the company received its first report of it.
Users remained at risk because the Passwords app did not use HTTPS for its site icon and password reset page requests. Because the app sent these requests unencrypted, it was vulnerable on unsecured networks. An attacker on the same Wi-Fi network could steer a user's traffic toward a deceptive website even though the user meant to reach the valid destination. Many users exposed their authentication passwords to attackers while using these deceptive sites. Security breaches occurred because the problem made user information accessible to attackers. Users were not informed of the danger to their data.
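As an added example (not code from Apple or the researchers), the following Python sketch audits captured request records for the two conditions described above: requests sent without HTTPS and redirects that leave the requested site. The log format, app name, hosts and paths are constructed for illustration, and the same-site check is a simplification that does not consult a public suffix list.

```python
from urllib.parse import urljoin, urlsplit

# Constructed sample records (assumed format, not from Apple or the researchers):
# "app method url status location", with "-" when there is no redirect.
SAMPLE_LOG = """\
passwords-app GET http://example.com/favicon.ico 200 -
passwords-app GET http://example.com/reset-password 302 https://examp1e-login.test/reset
passwords-app GET https://example.org/favicon.ico 200 -
passwords-app GET https://example.net/reset-password 301 https://www.example.net/account/password
"""


def same_site(a, b):
    """Simplified check: equal hosts, or one host is a subdomain of the other."""
    if not a or not b:
        return False
    a, b = a.lower().rstrip("."), b.lower().rstrip(".")
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def audit(log_text):
    """Return (line number, finding, url) tuples for risky requests."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records
        _app, _method, url, status, location = parts
        req = urlsplit(url)
        if req.scheme.lower() != "https":
            # Anyone on the same network can read or alter this request.
            findings.append((lineno, "cleartext-request", url))
        if status.startswith("3") and location != "-":
            target = urljoin(url, location)  # resolve relative redirects
            dest = urlsplit(target)
            if dest.scheme.lower() != "https":
                findings.append((lineno, "cleartext-redirect", target))
            if not same_site(req.hostname, dest.hostname):
                # The user ends up somewhere other than the site they chose.
                findings.append((lineno, "cross-site-redirect", target))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```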
Security researchers Talal Haj Bakry and Tommy Mysk discovered the problem, leading Apple to develop a quick remedy. Apple resolved the weakness with the iOS 18.2 update, deployed in December 2024. The update protects against two security weaknesses: it blocks data exposure and traffic modification by attackers. According to Apple's support details, the fixes are present in iOS 18.2 and later versions.
Security problems like this one show that applications handling sensitive data need encrypted communication protocols. The incident showed that unsecured network communication creates security problems, even though Apple fixed the issue efficiently. To protect themselves from similar vulnerabilities, users must install Apple's device updates.
This incident revealed how strongly Apple invests in strengthening device protection. Because of this incident, organizations must now adopt mandatory security assessments with increased focus. Although the fix resolved the problem, Apple's customers were exposed to phishing for months, with uncertainty about potential large-scale malicious activity.