Do you remember Apple’s “Privacy. That’s iPhone.” marketing campaign? In case you are not aware, the company likes to portray its products as synonymous with privacy. However, the recent wave of security weaknesses affecting iPhones and Macs suggests that Apple’s products may not be as safe as advertised.
A recent security flaw only reinforces this point. Security researchers found that Apple’s built-in password manager app, Passwords, was vulnerable to phishing attacks for about three months after launch. This meant that an attacker on the same Wi-Fi network as you, such as at an airport or coffee shop, could redirect your browser to a lookalike site to steal your login credentials.
An iPhone (Kurt “CyberGuy” Knutsson)
What you need to know
Security researchers at Mysk observed that Apple’s Passwords app, introduced with iOS 18 in September 2024, had a significant security flaw that left users vulnerable to phishing attacks for about three months.
The app used unencrypted HTTP connections rather than the more secure HTTPS to fetch the logos and icons displayed alongside stored passwords. This allowed attackers on the same network, such as public Wi-Fi at a coffee shop or airport, to intercept these requests and potentially redirect users to phishing sites designed to steal login credentials.
The issue went unresolved from the launch of iOS 18 in September 2024 until Apple fixed it in December 2024, leaving users exposed for about three months. If someone opened the Passwords app and tapped a link, such as “Change Password”, while connected to an unsecured network, an attacker could intercept the request and redirect them to a fake site posing as a legitimate one, such as a fake Yelp login page. Since the app did not enforce HTTPS, users would not notice the switch, putting their sensitive information at risk.
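One way to check an app for this class of bug is to route a test device through a logging proxy and audit what it requests. The sketch below is an added example, not code from the article, Apple or Mysk; the log format, function names and hosts are constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit

# Constructed sample: requests as a test proxy might record them
# (method, URL, status, optional Location header). Hosts are placeholders.
SAMPLE_LOG = """\
GET http://icons.example.net/site-a.png 200
GET https://api.example.net/v1/sync 200
GET http://yelp.example/change-password 302 https://yelp.example/account
GET http://shop.example/change-password 302 http://login.shop-example.test/signin
GET https://bank.example/settings 301 http://bank.example/settings
"""

def parse_line(line):
    """Split one log line into (method, url, status, location-or-None)."""
    parts = line.split()
    if len(parts) < 3:
        raise ValueError(f"malformed log line: {line!r}")
    location = parts[3] if len(parts) > 3 else None
    return parts[0], parts[1], int(parts[2]), location

def audit(log_text):
    """Return (finding, request_url) pairs for traffic that lacks HTTPS protection."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _, url, status, location = parse_line(line)
        req = urlsplit(url)
        # Any plain-HTTP request can be read or altered by someone on the same network.
        if req.scheme == "http":
            findings.append(("cleartext-request", url))
        if 300 <= status < 400 and location:
            # Resolve relative Location values against the request URL.
            dst = urlsplit(urljoin(url, location))
            # An HTTPS page that redirects to HTTP gives up its protection.
            if req.scheme == "https" and dst.scheme == "http":
                findings.append(("https-downgrade", url))
            # A redirect received over HTTP is unauthenticated, so one that
            # sends the user to a different host deserves a close look.
            if req.scheme == "http" and dst.hostname != req.hostname:
                findings.append(("cleartext-cross-host-redirect", url))
    return findings

if __name__ == "__main__":
    for kind, url in audit(SAMPLE_LOG):
        print(f"{kind:32} {url}")
```

An app that enforces HTTPS for all of its network communication, as the fixed version is described as doing, should produce no findings in such an audit.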

A woman on her iPhone (Kurt “CyberGuy” Knutsson)
Apple has now fixed the issue
Apple addressed the problem after Mysk’s security researchers reported it in September 2024. The iOS 18.2 update released in December patched the vulnerability by implementing HTTPS for all network communication within the Passwords app, making it much harder for attackers to intercept or redirect traffic.
If you are using an iPhone or iPad with the Passwords app, make sure your device is updated to iOS 18.2 or later. This ensures that you are protected from this vulnerability. If you had not yet updated and used the app on public Wi-Fi between September and December 2024, consider changing the password for any account you accessed during that period, just to be safe.
How to update software on your iPhone
Follow these steps to update your iPhone or iPad:
- Tap Settings
- Tap General
- Tap Software Update
- If an update is available, you will be given the option to download and install it

Software update (Kurt “CyberGuy” Knutsson)
6 ways you can stay safe from hackers targeting your passwords
Apple’s recent security flaw in the Passwords app highlights the importance of taking steps to protect your digital identity. Here are some ways you can stay safe from hackers targeting your passwords.
1) Use a reliable password manager: Apple apps are generally more secure than third-party options, but the Passwords app clearly was not. The fact that the security vulnerability was present for three months before Apple fixed it shows that Apple needs to put more emphasis on keeping customer data safe. I would suggest opting for a reliable password manager instead of relying on Apple’s offering. Find out more about my best expert-reviewed password managers of 2025.
2) Enable two-factor authentication (2FA): Having a password manager is good, but you know what is even better? 2FA. By adding an additional layer of security with 2FA, you can prevent hackers from getting into your accounts even if they steal your password. Use authentication apps such as Google Authenticator or Microsoft Authenticator, or a hardware security key, instead of SMS-based codes, which are vulnerable to SIM-swapping attacks.
3) Avoid public Wi-Fi for sensitive activities and use a VPN: Hackers can take advantage of unsecured public networks to intercept your login credentials. If you have to access sensitive accounts on public Wi-Fi, use a VPN to encrypt your internet traffic and prevent attackers from snooping on your data. A VPN will protect you from those who want to track and identify your potential location and the websites you visit. A reliable VPN is essential for protecting your online privacy and ensuring a secure, high-speed connection. For the best VPN software, see my expert review of the best VPNs for browsing the web privately on your Windows, Mac, Android and iOS devices.
4) Beware of phishing attacks and install strong antivirus software: You can have all the protection in the world, but a phishing email or SMS can still cause havoc. Hackers often use fake login pages to trick you into entering your credentials. Always verify the URL before entering login details, and avoid clicking on suspicious links in emails or messages. The best way to protect yourself from malicious links is to install antivirus software on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.
5) Keep your devices updated: Regularly update your devices and software to ensure that you have the latest security patches.
6) Monitor all your accounts regularly: Monitor your accounts for suspicious activity and report any unusual transactions or login attempts.
Kurt’s key takeaway
That is a long time for a password manager to have a security flaw, especially one from a company that presents itself as a leader in privacy and security. This incident sheds light on a troubling reality: Apple’s security measures are not infallible, and even built-in system apps can expose users to serious risks. While the fix eventually arrived, it should not have taken so long to address such a fundamental issue. If Apple wants to maintain its privacy-first image, it needs to do better by ensuring more rigorous security testing before launch.
Do you think Apple is doing enough to stay ahead of evolving cyber threats, or should the company take additional steps to protect its users? Let us know by writing to us at Cyberguy.com/Contact.
Copyright 2025 cyberguy.com. All rights reserved.