iPhone users have recently been alerted to a potential risk of phishing attacks stemming from a vulnerability in the Passwords app included in Apple’s iOS 18.2.
According to TechRadar, this significant security flaw has existed for over three months, leaving users exposed. However, Apple has since issued an update aimed at resolving this issue.
The vulnerability was identified by security researchers at Mysk, who discovered that the Passwords app operates using the insecure HTTP protocol instead of the more secure HTTPS when opening links and downloading app icons. This oversight allows malicious actors to intercept requests and mislead users by redirecting them to counterfeit websites designed to steal sensitive information.
This vulnerability can enable attackers to easily create fake websites that closely mimic legitimate ones, prompting users to input their login credentials. As a result, various types of sensitive information, including bank account details, email passwords, and social media logins, could be at risk.
In response, Apple has released an update to iOS 18.2, urging all iPhone users to upgrade their devices to the latest version promptly. In addition to updating their software, users are encouraged to exercise caution online by avoiding suspicious links and verifying website addresses before entering login information.
As phishing attacks targeting password managers become more frequent, users must stay alert while using these tools. While Apple’s timely action to address the vulnerability is commendable, it highlights the importance of remaining vigilant in today’s digital landscape, where no system can be deemed entirely secure.
