A bug in the iOS Passwords app that left iPhone users exposed to potential phishing attacks has been fixed after years.
In comments on its security page, Apple describes the problem as “a user in a privileged network location may be able to leak sensitive information.” The tech giant says it solved the problem by using HTTPS when sending information over the network.
The bug was first discovered by security researchers at Mysk and was reportedly reported in September, but appears to have gone unfixed for several months. In a tweet on Wednesday, Mysk said Apple Passwords has used insecure HTTP by default since the compromised password detection feature was introduced in iOS 14, which was released in 2020.
“iPhone users are vulnerable to phishing attacks,” Mysk tweeted. “The dedicated Passwords app in iOS 18 is essentially a repackaging of the old password manager in Settings, and it carries all its errors.”
That said, the chances of someone being affected by this bug are very low. The bug was also resolved in security updates for other products, including Mac, iPad, and Vision Pro.
In a YouTube video highlighting the issue, Mysk researchers show how the iOS 18 Passwords app opens a link and downloads an account icon over insecure HTTP, making it vulnerable to phishing attacks. The video shows how an attacker with network access can intercept the requests and redirect them to a malicious website.
According to 9to5Mac, the issue becomes a problem when an attacker is on the same network as the user (such as in a coffee shop or an airport) and intercepts the HTTP request before it redirects.
Apple did not respond to a request for comment on the issue or provide more details.
Mysk said the bug was found not eligible for a monetary bounty because it did not meet the impact criteria and did not fall into any qualified category.
“Yes, it feels like doing charity work for a $3 trillion company,” the company tweeted. “We don’t do it primarily for money, but it shows how Apple appreciates independent researchers. Since September 2024, we’ve spent a lot of time trying to convince Apple that it was a mistake. We’re glad it worked. We’ll do it again.”
Potential security slip-up
Georgia Cooke, a security analyst at ABI Research, called the issue “not a small bug.”
“It’s Apple’s slip-up, indeed,” Cooke said. “For users, it’s a vulnerability that proves a failure in the basic security protocol, exposing them to a long-standing form of attack, which requires limited complexity.”
According to Cooke, most people may not encounter this problem because it requires a specific set of circumstances, such as choosing to work from a password manager, operating on a public network and not noticing if you are redirected. That said, this is a good reminder of why it is so important to update your device regularly.
She added that people can take additional steps to protect themselves from such vulnerabilities, especially on shared networks. This includes routing device traffic through a virtual private network, avoiding sensitive transactions such as credential changes on public Wi-Fi, and not reusing passwords.