We don’t hear about massive security issues affecting Apple users, but they do happen. No company is immune to hackers, and this latest bit of news is a doozy. According to a report, an Apple Passwords vulnerability left users’ data exposed over the span of months.
Cybersecurity is extremely important. Major companies like Google, Meta, Microsoft, and Apple have a ton of our data on their servers. What makes this worse is that they’re the biggest targets for hackers. Apple is often the biggest fish in the pond, and it’s constantly under attack from cyber criminals.
Well, researchers over at Mysk just discovered an issue with the iOS 18.2 Passwords app that should leave users worried. What’s more worrying is the fact that this vulnerability has been present since December 2024.
An Apple Passwords vulnerability left users’ data exposed for months
Mysk posted a YouTube video on Tuesday showing off this vulnerability and how it could affect users. The Passwords app stores users’ passwords for different services. If you use the app to change a password for a service, it reaches out to that service through a link. That’s pretty standard practice, but the issue is that the app was using the HTTP protocol, which is not secure.
Ideally, the app would reach out to services using the encrypted HTTPS protocol. The problem with using the unencrypted protocol is that a hacker could intercept the traffic coming from the app and send it to a phishing site that can steal the user’s data.
In the video below, we see that the Mysk researcher was able to send their traffic to a fake phishing site. Obviously, phishing sites aren’t going to have a huge “This is a phishing website” banner as we saw in the video. In the case of a real phishing site, it would be cleverly disguised to look like a legitimate website.
Thankfully, Apple fixed it
The company fixed this issue, so make sure you’re using the latest version of the app. While it’s great that Apple patched the issue, it’s still surprising that this Apple Passwords vulnerability existed for three months. There’s no telling how many people could have been negatively affected by it.
