Apple Passwords App Vulnerability Exposed Users for Months: What You Need to Know

Apple’s Passwords App Had a Critical Security Flaw

Apple’s Passwords app, introduced in iOS 18 as a standalone password manager, was meant to enhance security for iPhone users. However, a recently disclosed flaw left users vulnerable to phishing attacks for nearly three months. Security researchers revealed that the flaw exposed sensitive information, raising concerns about cybersecurity risks—even within trusted software ecosystems.

The Vulnerability Explained

Security researchers at Mysk discovered that the Passwords app was using unencrypted HTTP connections when retrieving website icons and opening password reset pages. This lapse in security allowed attackers to intercept data and redirect users to malicious phishing sites.

Mysk’s team found that the app contacted over 130 websites via unprotected HTTP traffic. Hackers on shared Wi-Fi networks, such as in cafes, airports, or hotels, could exploit this weakness to manipulate requests and deceive users into entering their login credentials on fraudulent sites.

Apple’s Response and Fix

After Mysk identified the vulnerability in September 2024, they promptly reported it to Apple. The tech giant addressed the flaw in the iOS 18.2 update, released in December 2024, implementing encrypted HTTPS connections for enhanced security.

However, Apple only publicly disclosed the vulnerability in March 2025, underscoring the importance of timely updates and robust cybersecurity measures.

What Users Should Keep in Mind

To safeguard personal data, iPhone users should update their devices to the latest iOS version. Updating to iOS 18.2 or later ensures that the Passwords app operates with encrypted connections, significantly reducing phishing risks.

Additionally, users should exercise caution when accessing public Wi-Fi networks and consider using a reputable VPN for added protection.

Key Lessons for Users and Developers

This incident highlights the necessity of secure data transmission protocols, especially for applications handling sensitive information. While Apple swiftly resolved the issue, it serves as a reminder that even trusted software can have vulnerabilities.

By keeping software up to date and following best security practices, users can enhance their protection against emerging cyber threats in today’s digital landscape.

Stay Secure with Regular Updates

For the latest cybersecurity news, best practices, and tech insights, subscribe to our newsletter and stay informed!