Apple's Passwords App Had a Security Flaw, Potentially 'For Years'

Apple has fixed a bug in the iOS Passwords app that allowed iPhone users to be susceptible to phishing attacks, potentially for years. In a note on its security page, the company described the issue as one where "a user in a privileged network position may be able to leak sensitive information." The issue was fixed by using HTTPS when sending information over the network, it said. The bug, first discovered by security researchers at Mysk, was reported back in September but appeared to be left unfixed for several months. In a tweet on Wednesday, Mysk said Apple Passwords used an insecure HTTP by default since the compromised password detection feature was introduced in iOS 14. "iPhone users were vulnerable to phishing attacks for years, not months," Mysk tweeted. "The dedicated Passwords app in iOS 18 was essentially a repackaging of the old password manager that was in the Settings, and it carried along all of its bugs." That said, the likelihood of someone falling victim to this b ... Read full article.