Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Do you remember the “Privacy of the iPhone” of Apple’s marketing campaigns? If you do not know, the company likes to portray its products as a synonym for privacy. However, the latest wave of safety fuses affect iPhones and Macs indicate that Apple’s products may not be as safe as announced.
A current safety error only increases this point. Security researchers found that the integrated password app from Apple, passwords, was susceptible to phishing attacks almost three months after the start. This meant that an attacker in the same Wi-Fi network as you, as in an airport or café, could redirect her browser to a lookalike phishing location in order to steal their login information.
A person who holds an iPhone (Kurt “Cyberguy” Knutson)
What you need to know
Security researcher at muskIt found that Apple’s password app, which was introduced in September 2024 with iOS 18, had a significant safety error that made users susceptible to phishing attacks for almost three months.
The app used unencrypted HTTP connections instead of the safer HTTPS to get logos and symbols that are displayed in addition to stored passwords. This enabled attackers in the same network as the public WLAN in a café or airport, intercept these inquiries and possibly redirect users to phishing websites to steal login information.
The problem remained in September 2024, until Apple found it in December 2024, unresolved by iOS 18’s start and the users were exposed for almost three months. If someone opened the password app and picked up a link like “Change password” while being connected to an unsafe network, an attacker could intercept the request and redirect to a fraudulent site that imitates a legitimate imitation of a legitimate side, e.g. B. a fake Yelp login page. Since the app has not enforced HTTPS, the users may not notice the switch and endanger their sensitive information.
A woman on her iPhone (Kurt “Cyberguy” Knutson)
How to protect an iPhone and an iPad from malware in 2025
Apple has now fixed the problem
Apple LAT started the problem after MYSK’s security researcher reported it in September 2024. The update of iOS 18.2 published in December patched the vulnerability by enforcing HTTPS for all network communications within the passwords apps, which made it much more difficult for attackers to intercept or rebuild traffic.
If you use an iPhone or iPad with the password app, make sure your device is updated to iOS 18.2 or higher. This ensures that they are protected against this susceptibility to security. If you have not yet updated and used the app between September and December 2024 for public WiFi, you should change the passwords for all accounts that you have accessed during this period to protect it safely.
How to update the software on your iPhone
Follow the steps to update your iPhone or iPad:
- Tap Settings
- Tap Generally
- Tap Software update
- If an update is available, you can get the option to download and install
Software update (Kurt “Cyberguy” Knutson)
Your iPhone has a hidden folder that outputs the storage space
6 possibilities that can remain safe from hackers that aim at their passwords
Apple’s latest safety error with the password -app shows how important it is to take steps to protect your digital identity. Here are some options that can remain safe from hackers that aim at your passwords.
1) Use a reliable password manager: Apple apps are generally safer than options from third-party providers, but the password app was clearly not the case. The fact that the susceptibility to security existed for three months before Apple has been determined shows that Apple has to concentrate more on keeping customer data safe. I would recommend choosing a reliable password manager instead of relying on Apple’s offer. Get more details about mine Best expert password managers from 2025 here.
2) Activate the two-factor authentication (2FA): It’s good to have a password manager, but you know what is even better? 2fa. Add an additional security level with 2FA Can prevent hackers from accessing their accounts, even if they steal their password. Use authentication apps such as Google Authenticator, Microsoft Authenticator or Hardware Security key instead of SMS-based codes that are susceptible to SIM wapping attacks.
3) Avoid the public WLAN for sensitive activities and use a VPN: Hackers can take advantage of unsecured public networks to interfere with their login information. If you have to access sensitive accounts Public Wi-FiEncrypt a VPN to encrypt your internet traffic and prevent attackers from tensioning your data. VPNS protects you from those who want to follow and identify their potential location and the websites they visit. A reliable VPN is of essential importance to protect your online private sphere and the guarantee of a secure high-speed connection. The best VPN software can be found in my expert check of the best VPNs to search the web privately on yours Devices Windows, Mac, Android and iOS.
4) Pay attention to phishing attacks and install a strong antivirus software: You can have the entire protection of the world, but a phishing -e mail or SMS can still cause chaos. Hackers often use fake registration sites to make them enter their login information. Always check URLs before entering registration data and do not click on suspicious links in e -mails or messages. The best way to protect yourself from malicious links is to have installed the antivirus software on all devices. This protection can also draw your attention to Phishing -E emails and ransomware frauds in order to keep your personal data and digital assets secure. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.
5) Keep your devices up to date: Regularly Update your devices and software To ensure that you have the latest security patches.
6) Consume all of your accounts regularly: Monitor your accounts for suspicious activities and report unusual transactions or registration attempts for Apple.
Apple publishes the emergency awareness of emergency safety for serious vulnerability
Kurts important snack bar
Three months are a long time before a security error in a password manager is unpatched, especially by a company that is a leader in terms of privacy and security. This incident shows a disturbing reality. Apple’s security measures are not infallible, and even integrated system apps can expose users to serious risks. While the Fix finally arrived, it shouldn’t have been so long that such a fundamental problem was tackled. If Apple wants to keep its image of privacy, it has to do it better by ensuring stricter security tests before starting.
Do you think Apple is doing enough to find further developing cyber threats, or are there any additional steps that the company should take to protect its users? Let us know by writing us Cyberguy.com/contact.
Subscribe to my free Cyberguy report newsletter by going more of my tech tips and security warnings Cyberguy.com/newsletter.
Alarm: Malware steals bank cards and passwords of millions of devices.
Ask Kurt a question or let us know which stories you want to treat from us.
Follow Kurt on his social channels:
Answers to the most placed cyberguy questions:
New from Kurt:
Copyright 2025 Cyberguy.com. All rights reserved.
