Apple recently disclosed that a serious security flaw in its Passwords app exposed users to phishing attacks for three months before being patched in iOS 18.2.
The vulnerability, which could have been exploited by attackers on the same Wi-Fi network, has now been resolved, according to Apple's revised release notes for the update.
The Passwords app, introduced in iOS 18, provided users with a standalone way to access stored login credentials. However, security researchers Talal Haj Bakry and Tommy Mysk identified a flaw that could allow hackers to intercept sensitive information by manipulating network traffic.
Apple's support document explains that the issue stemmed from the app's failure to use encrypted HTTPS connections when retrieving website icons and password reset pages. This security lapse meant an attacker on the same Wi-Fi network could redirect users to fraudulent phishing sites, potentially tricking them into entering their credentials.
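The failure mode described above, shown as an added example (not Apple's code and not taken from the researchers' report): a Python check that audits the redirect chain behind an icon or password-reset link. It flags every cleartext request and every hop that follows one, since a redirect delivered over plain HTTP could have been written by anyone on the network path. The hostnames and chains are constructed sample data, and the function names are hypothetical.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed sample data: chain[0] is the URL the app requests,
# later entries are the redirect targets it was sent to.
SAMPLE_CHAINS = {
    "icon_http": ["http://shop.example/favicon.ico"],
    "reset_http": ["http://shop.example/reset",
                   "https://shop-login.example/reset"],
    "reset_https": ["https://shop.example/reset",
                    "https://accounts.shop.example/reset"],
    "downgrade": ["https://shop.example/reset",
                  "http://shop.example/r",
                  "https://shop-login.example/reset"],
}

def audit_chain(chain):
    """Return (hop, finding, url) tuples for one redirect chain."""
    findings = []
    tainted = False  # True once any hop was requested in cleartext
    for hop, url in enumerate(chain):
        if tainted:
            # This target came from a response that was not authenticated.
            findings.append((hop, "unauthenticated-redirect", url))
        if urlsplit(url).scheme.lower() != "https":
            findings.append((hop, "cleartext-request", url))
            tainted = True
    return findings

def upgrade(url):
    """Rewrite an http:// URL to https:// before it is ever requested."""
    parts = urlsplit(url)
    if parts.scheme.lower() != "http":
        return url
    # Drop an explicit default HTTP port so the HTTPS default (443) applies.
    netloc = parts.netloc.removesuffix(":80")
    return urlunsplit(parts._replace(scheme="https", netloc=netloc))

def safe_to_open(chain):
    """A chain is acceptable only if every hop is HTTPS."""
    return not audit_chain(chain)

if __name__ == "__main__":
    for name, chain in SAMPLE_CHAINS.items():
        print(name, "OK" if safe_to_open(chain) else audit_chain(chain))
```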
The cybersecurity firm Mysk reported the issue to Apple in September, and the company quietly patched it with the iOS 18.2 update in December. Apple has now credited the researchers for uncovering the flaw in its revised release notes.
The fix means that users running iOS 18.2 and iPadOS 18.2 or later are no longer at risk from this vulnerability. Apple has not disclosed whether the flaw was actively exploited but urges users to update their devices to the latest software.