Apple Passwords security flaw was potentially there for years



A bug in the iOS Passwords app that left iPhone users susceptible to potential phishing attacks may have been present for years.

In a note on its security page, Apple identified the problem as one where “a user in a privileged network position may be able to leak sensitive information.” The problem was resolved by using HTTPS when sending information over the network, the tech giant said.

The bug, first discovered by security researchers at Mysk, was reported in September, but it appears to have been left unpatched for several months. In a tweet Wednesday, Mysk said Apple Passwords has used insecure HTTP by default since the compromised password detection feature was introduced in iOS 14, which launched in 2020.

“iPhone users have been vulnerable to phishing attacks for years, not months,” Mysk tweeted. “The special Passwords app in iOS 18 was essentially a repackaging of the old password manager, which was in the Settings, and carried all its mistakes.”

That said, the likelihood of someone falling victim to this bug is very low. The bug was also addressed in security updates for other products, including Mac, iPad and Vision Pro.

In the caption of a YouTube video posted by Mysk highlighting the problem, the researchers showed how the iOS 18 Passwords app opens links and downloads account icons over insecure HTTP by default, which makes it vulnerable to phishing attacks. The video highlights how an attacker with network access can intercept and redirect requests to a malicious site.

According to 9to5Mac, the bug poses a problem when the attacker is on the same network as the user, such as in a cafe or airport, and intercepts the HTTP request before it is redirected.

Apple did not respond to a request for comment on the problem or provide additional details.

Mysk said that the bug did not qualify for a monetary bounty because it did not meet the impact criteria or fall into any of the eligible categories.

“Yes, there is a feeling that you are doing charity work for a $3 trillion company,” the company tweeted. “We didn’t do this mostly for money, but it shows how Apple evaluates independent researchers. We had spent a lot of time since September 2024, trying to convince Apple that it’s a mistake. We’re glad it works. And we’ll do it again.”

Potential security of security

Georgia Cook, a security analyst at ABI Research, said of the issue: “It’s not a small skill.”

“It’s a hell of Apple, really,” Cook said. “For the user, this is a concerning vulnerability, demonstrating a failure in basic security protocols, exposing them to a long-standing form of attack that requires limited improvement.”

According to Cook, most people probably won’t run into this problem, as it requires a very specific set of circumstances, such as choosing to update your login from a password manager, doing it on a public network and not noticing if you are redirected. That said, it is a good reminder of why keeping your devices updated regularly is so important.

She added that people could take additional steps to protect themselves from these types of vulnerabilities, especially on shared networks. This includes routing device traffic through a virtual private network, avoiding sensitive transactions such as credential changes on public Wi-Fi and not reusing passwords.



 