A worrying Apple Password App vulnerability reportedly left users exposed for months
Date:
Wed, 19 Mar 2025 17:16:08 +0000
Description:
Apple has fixed a serious HTTP bug that left users at risk of phishing attacks.
FULL STORY ======================================================================
Apple's Password App has been patched after a vulnerability was discovered
The flaw left users exposed for three months, experts claim
Users were at risk of social engineering attacks
A bug in the iOS 18.2 Passwords app, which left users vulnerable to phishing attacks for over three months after its release, has been fixed, according to an update from Apple.
The flaw was discovered after security researchers at Mysk noticed that their device's App Privacy Report showed the Passwords App had contacted 130 different websites over insecure HTTP traffic.
The app used the HTTP protocol instead of the more secure HTTPS when opening links and downloading app icons. Upon further investigation, the researchers found that the app also defaulted to opening password reset pages with the unencrypted protocol. This left users vulnerable, as an attacker with privileged network access could intercept the HTTP request and redirect the user to a phishing website, the researchers told 9to5Mac.
Patch now
The risk in this attack is that cybercriminals will use the vulnerability to carry out social engineering attacks by redirecting victims to insecure websites.
The Password app will now use HTTPS for all connections by default - so
ensure your Apple devices are all updated and using iOS 18.2 or later.
Research has shown security attacks on password managers have soared in
recent months, with reports finding a threefold increase in malware that targets credentials in password stores.
The attacks are also growing in sophistication, with cybercriminals prioritizing complex, prolonged, multi-stage attacks delivered with an
all-new generation of malware. This new malware, like infostealers, comes
with more persistence, stealth, and automation.
The best, and most secure, password manager tools will safely store,
generate, and crucially autofill your website and app passwords. These can help you create and manage your unique and strong passwords without the
hassle of having to remember each one.
======================================================================
Link to news story:
https://www.techradar.com/pro/security/a-worrying-apple-password-app-vulnerability-reportedlyleft-users-exposed-for-months
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)