
Apple has disclosed a critical vulnerability in the Passwords app that exposed iOS 18 users to phishing attacks for three months. The flaw was fixed with the release of iOS 18.2.
Cybersecurity experts discovered that Passwords was sending unencrypted requests for the logos and icons of websites for which passwords were saved. This opened up opportunities for attackers who were on the same Wi-Fi network as the user (say, in public places) to replace these images. As a result, the user was redirected to fake phishing sites where their credentials could be compromised.
The vulnerability had existed since the release of iOS 18, and the problem was reported to Apple back in September 2024. After analysis and testing, the fix was released only in iOS 18.2, which resolved the issue by encrypting all requests.
Phishing attacks are becoming increasingly sophisticated, and even official apps are not immune to critical flaws. Apple strongly recommends that all users update their devices to iOS 18.2 to minimize the likelihood of potential threats.