Apple’s Passwords -APP, designed to improve security for iOS users, has left them vulnerable to Phishing attacks ironically for almost three months. Safety researchers recently revealed that the mistake that exposed sensitive information raises concerns about the risks of cyber security – even with reliable software.

The vulnerability explains

Researchers at MySK have identified the error that stems from the use of the app’s use of Unencrypted http connections When you recycle the website icons and open pages for reinstatement of password. This safety run has enabled attackers to intercept data and redirect users to malicious phishing sites.

> MySK’s team has discovered that the password app has contacted more than 130 websites using unprotected HTTP traffic. This made it possible for hackers on the same Wi-Fi network-like in cafes, airports or hotels-to manipulate the requests and cheat users to visit fraudulent websites designed to steal login vouchers.

Apple’s response and fix

After discovering the vulnerability in September 2024, MySK immediately reported the problem to Apple. The technical giant addressed the error with the iOS 18.2 update released in December 2024. This update has implemented encrypted HTTPS connections for improved security.

However, Apple publicly announced the vulnerability in March 2025, with an emphasis on the importance of timely updates and robust measures for cyber security.

Which users should keep in mind

To protect their data, iPhone users are strongly encouraged to update their devices to the latest version of iOS. Update to iOS 18.2 or later ensures the passwords that work with encrypted connections, which significantly reduces phishing risks.

In addition, users should remain vigilant if they gain access to public Wi-Fi networks and consider using a reliable VPN for extra protection.

Key lessons for users and developers

The incident highlights the critical need for safe data transfer protocols, especially for applications that manage sensitive information. While Apple quickly resolved the problem, the matter serves as a reminder that even the most reliable software can have vulnerabilities.

By keeping software up to date and adopting best safety practices, users can better protect themselves from emerging threats in an increasingly digital world.