Apple Quietly Fixed a Passwords App Bug That Exposed Users to Phishing Attacks

From PC Mag: Apple has fixed a security flaw in its Passwords app that exposed users to phishing attacks for three months after its launch with iOS 18.

As 9to5Mac reports, the vulnerability was discovered by security researchers at Mysk, who reported it to Apple in September. The app used the HTTP protocol instead of the more secure HTTPS to open links and download app icons. With that approach, “an attacker with privileged network access can easily intercept the HTTP request and redirect the victim to a malicious website controlled by the attacker,” the researchers say.

Apple patched the issue with iOS 18.2 and macOS 15.2. While it was included in a Dec. 11 Mac security content document, it wasn't added to the iPhone’s document until Monday. “This issue was addressed by using HTTPS when sending information over the network,” Apple says.

The devices at risk included Macs running macOS Sequoia, iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later.
