The Passwords app arrived on the iPhone with iOS 18 last September as a way to bring all passwords together in a single app, where you can manually look up the one you want. So far so good, but flaws have since surfaced, although they appear to have been corrected.
A serious security flaw in Apple's native Passwords app left users vulnerable to phishing attacks for three months before it was corrected.
Security flaw in the Passwords app
The vulnerability, discovered by Mysk researchers, allowed the application to load content over insecure connections (HTTP) instead of using the encrypted HTTPS protocol. This opened the door to attacks in which hackers could catch unsuspecting users and redirect them to fraudulent sites without their realizing it.
The error had been present since the launch of iOS 18.0 on September 16 and was not corrected until the arrival of iOS 18.2 on December 11, although Apple did not make the existence of the flaw public until March 17. According to Mysk, the problem arose because the Passwords app fetched website logos and icons over unencrypted HTTP connections and, in addition, opened password reset pages over the same protocol. The researchers themselves were surprised that Apple, a company that prides itself on prioritizing the security of its customers, had not enforced the use of HTTPS in an application as sensitive as a password manager.
Cybersecurity experts warn that flaws of this kind can be used by cybercriminals with privileged access to a network to redirect traffic to phishing pages identical to the originals. In this way, users could enter their credentials believing they are on a completely legitimate site when they are actually handing their information to attackers with malicious intent.
Always update your iPhone to avoid security problems
Apple solved the problem in iOS 18.2 by applying HTTPS by default to all of the application's connections, preventing information from being transmitted unencrypted. However, the company did not publicly announce the fix until this March, which has once again drawn criticism of Apple and its questioned transparency toward its users, especially on security matters.
This error is another example of how important it is today to keep devices updated. We, as experts in the field, always recommend it. To check whether there are pending updates on an iPhone, just open the Settings app, go to “General” and select “Software Update”. It is also advisable to enable automatic updates to receive security patches as they become available.
This case shows that even in the most closed and supposedly secure ecosystems, such as Apple's, vulnerabilities can arise that compromise user privacy. The speed with which these flaws are corrected is key to minimizing risks, but so is transparency when reporting them.