Apple's Passwords App Security Flaw Was Potentially There 'For Years'

A bug in the iOS Passwords app that meant iPhone users were susceptible to potential phishing attacks has been fixed after possibly being present for years. In a note on its security page, Apple described the issue as one where "a user in a privileged network position may be able to leak sensitive information." The problem was fixed by using HTTPS when sending information over the network, the tech giant said. The bug, first discovered by security researchers at Mysk, was reported back in September but appeared to be left unfixed for several months. In a tweet Wednesday, Mysk said Apple Passwords used an insecure HTTP by default since the compromised password detection feature was introduced in iOS 14, which was released back in 2020. "iPhone users were vulnerable to phishing attacks for years, not months," Mysk tweeted. "The dedicated Passwords app in iOS 18 was essentially a repackaging of the old password manager that was in the Settings, and it carried along all of its bugs." T ... Read full article.