Apple

Apple's New Passwords App Exposed Users to Phishing Attacks for Three Months After Launch

A critical flaw in Apple’s new Passwords app exposed users to phishing attacks for three months before a patch was released.
By Blip Tech 1 min read

Summary of Apple’s Passwords App Vulnerability

In iOS 18, Apple introduced the standalone Passwords app to make credential management more user-friendly. However, a significant security flaw left users vulnerable to phishing attacks for nearly three months from the initial release until it was patched in iOS 18.2.

Key Points:

  • Vulnerability Discovery: Security researchers at Mysk found that the Passwords app contacted over 130 websites via unsecured HTTP, fetching account logos and icons and opening password reset pages using the same protocol.
  • Security Risk: This allowed attackers with network access to intercept HTTP requests and redirect users to phishing sites, potentially stealing their credentials.
  • Mitigation: Modern websites often use 301 redirects to HTTPS, which would normally secure the connection. However, an attacker on the same network could manipulate the initial HTTP request before it redirected, leading to a successful phishing attack.
  • Resolution: Apple quietly patched the vulnerability in December of the previous year and disclosed it recently. The Passwords app now enforces HTTPS by default for all connections.
  • User Action: Ensure your devices are running at least iOS 18.2 to benefit from the security fix.
#Apple #iOS18 #Phishing

Latest News

Security

The AppSheet Heist: How Hackers Hijacked 30,000 Facebook Accounts via Google Platform

A sophisticated phishing relay leveraging Google AppSheet has successfully compromised tens of thousands of Facebook profiles for black-market resale.

Gaming

Steel and Zeal: The Angels of Death Reinforce the Frontlines of Armageddon

Gear up for the ultimate tabletop siege as we unbox the legendary Space Marine forces destined for the war-torn hive world of Armageddon.

Gaming

Valve’s Quest for the Living Room Meets the Reality of the RAMpocalypse

While SteamOS is making historic gains in the PC market, the high cost of hardware evolution is giving Microsoft a much-needed window of opportunity to fight back.

Gaming

Subnautica 2 System Requirements: Is Your PC Ready to Sink or Swim?

Prepare to plunge into the depths of a beautiful alien ocean, but make sure your hardware has enough oxygen to survive the demanding new specs.

Windows

Microsoft Flips the Script: The Massive Windows 11 UI Overhaul You Have Been Waiting For

The tech giant is turning the tide on user frustration by rolling out a wave of critical interface refinements and long-requested fixes.

Lifestyle

Michelin Magic Hits West Hollywood: Sushi Nakazawa Finally Makes Its West Coast Debut

The world's most anticipated omakase experience is finally bringing its Michelin-starred precision to the heart of Los Angeles.

About Blip Tech

Blip Tech is your go-to source for fast, reliable technology news. We cover everything from the latest Apple and Google announcements to breakthroughs in artificial intelligence, new smartphone releases, computer hardware, and everyday tech tips and how-tos. Our mission is to keep you informed without the fluff — just the news you need, delivered clearly and concisely.