- Apple’s password -App has been patched after a vulnerability was discovered
- The error left users postponed for three months, experts claim
- Users were at risk of attacks on social technique
An error in iOS 18.2 -TAGEAGE CODING COVERS that left users vulnerable to phishing -attacks for over three months after its release has been resolved according to an update from Apple.
The error was discovered after security researchers at MySK noticed that their device’s app -private life report showed that the passwords had contacted 130 different sites over uncertain HTTP traffic.
The app used the HTTP protocol instead of a more secure HTTPS when opening links and downloading app icons. After further examination, the researchers found that the app also breached to open the password reset pages with the non -encrypted protocol. This left users vulnerable as an attacker “privileged network access could intercept the HTTP request and redirect the user to a phishing site,” the researchers told 9TO5MAC.
Patch now
The risk in this attack is that cyber criminals will use the vulnerability to carry out social technical attacks by redirecting victims to unsafe sites.
The password app now uses HTTPS for all connections by default -so make sure your Apple devices are all updated and using iOS 18.2 or newer.
Research has shown security attacks on password managers has increased in recent months, with reports finding a triple increase in malware targeting credentials in password stores.
The attacks are also growing in sophistication, where cyber criminals prioritize “complex, long-lasting, multi-step attacks” delivered with a whole new generation of malware. This new malware, like Infostealers, comes with more persistence, stealth and automation.
The best and most secure, password administrator tools will surely save, generate and crucial AutoFill your site and app password codes. These can help you create and manage your unique and strong passwords without the hassle of having to remember each one.
