By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
Pew PatriotsPew PatriotsPew Patriots
Notification Show More
Font ResizerAa
  • Home
  • News
  • Tactical
  • Guns and Gear
  • Prepping & Survival
  • Videos
Reading: Apple fixes Passwords app vulnerability enabling Wi-Fi attacks
Share
Font ResizerAa
Pew PatriotsPew Patriots
  • News
  • Tactical
  • Guns and Gear
  • Prepping & Survival
  • Videos
Search
  • Home
  • News
  • Tactical
  • Guns and Gear
  • Prepping & Survival
  • Videos
Have an existing account? Sign In
Follow US
Apple fixes Passwords app vulnerability enabling Wi-Fi attacks
News

Apple fixes Passwords app vulnerability enabling Wi-Fi attacks

Jimmie Dempsey
Last updated: March 24, 2025 2:14 pm
Jimmie Dempsey Published March 24, 2025
Share
SHARE

Do you remember Apple’s “Privacy. That’s iPhone” marketing campaigns? If you’re not aware, the company likes to portray its products as being synonymous with privacy. However, the recent wave of security vulnerabilities affecting iPhones and Macs suggest Apple’s products may not be as secure as advertised.

A recent security blunder only reinforces this point. Security researchers discovered that Apple’s built-in password manager app, Passwords, was vulnerable to phishing attacks for nearly three months after launch. This meant an attacker on the same Wi-Fi network as you, like at an airport or coffee shop, could redirect your browser to a lookalike phishing site to steal your login credentials.

Stay protected & informed! Get security alerts & expert tech tips – sign up for Kurt’s The CyberGuy Report now.

What you need to know

Security researchers at Mysk, noticed that Apple’s Passwords app, introduced with iOS 18 in September 2024, had a significant security flaw that left users vulnerable to phishing attacks for nearly three months.

The app used unencrypted HTTP connections instead of the more secure HTTPS to fetch logos and icons displayed alongside stored passwords. This allowed attackers on the same network, such as public Wi-Fi at a coffee shop or airport, to intercept these requests and potentially redirect users to phishing sites designed to steal login credentials.

The issue remained unresolved from iOS 18’s launch in September 2024 until Apple fixed it in December 2024, leaving users exposed for nearly three months. If someone opened the Passwords app and tapped a link, like “Change Password,” while connected to an insecure network, an attacker could intercept the request and redirect them to a fraudulent site mimicking a legitimate one, such as a fake Yelp login page. Since the app did not enforce HTTPS, users might not notice the switch, putting their sensitive information at risk.

Apple fixes Passwords app vulnerability enabling Wi-Fi attacks

HOW TO PROTECT AN IPHONE & IPAD FROM MALWARE IN 2025

Apple has fixed the issue now

Apple addressed the problem after security researchers from Mysk reported it in September 2024. The iOS 18.2 update, released in December, patched the vulnerability by enforcing HTTPS for all network communications within the Passwords app, making it much harder for attackers to intercept or redirect traffic.

If you’re using an iPhone or iPad with the Passwords app, ensure your device is updated to iOS 18.2 or later. This ensures you’re protected from this vulnerability. If you haven’t updated yet and used the app on public Wi-Fi between September and December 2024, consider changing passwords for any accounts you accessed during that period, just to be safe. 

How to update the software on your iPhone

Follow the steps to update your iPhone or iPad:

  • Tap on Settings
  • Tap on General
  • Tap on Software Update
  • If an update is available, it will give you the option to download and install
Apple fixes Passwords app vulnerability enabling Wi-Fi attacks

YOUR IPHONE HAS A HIDDEN FOLDER EATING UP STORAGE SPACE WITHOUT YOU EVEN KNOWING

6 ways you can stay safe from hackers targeting your passwords

Apple’s recent security blunder with the Passwords app highlights the importance of taking steps to protect your digital identity. Here are some ways you can stay safe from hackers targeting your passwords.

1) Use a reliable password manager: Apple apps are generally more secure than third-party options, but the Passwords app clearly wasn’t. The fact that the security vulnerability existed for three months before Apple fixed it proves that Apple needs to put more emphasis on keeping customer data secure. I’d suggest opting for a reliable password manager instead of relying on Apple’s offering. Get more details about my best expert-reviewed password managers of 2025 here.

2) Enable two-factor authentication (2FA): It’s good to have a password manager, but you know what’s even better? 2FA. Adding an extra layer of security with 2FA can prevent hackers from accessing your accounts, even if they steal your password. Use authentication apps like Google Authenticator, Microsoft Authenticator or hardware security keys instead of SMS-based codes, which are vulnerable to SIM-swapping attacks.

3) Avoid public Wi-Fi for sensitive activities and use a VPN: Hackers can exploit unsecured public networks to intercept your login credentials. If you must access sensitive accounts on public Wi-Fi, use a VPN to encrypt your internet traffic and prevent attackers from snooping on your data. VPNs will protect you from those who want to track and identify your potential location and the websites that you visit. A reliable VPN is essential for protecting your online privacy and ensuring a secure, high-speed connection. For the best VPN software, see my expert review of the best VPNs for browsing the web privately on your Windows, Mac, Android and iOS devices.

4) Beware of phishing attacks and install strong antivirus software: You can have all the protection in the world but a phishing email or SMS can still cause havoc. Hackers often use fake login pages to trick you into entering your credentials. Always verify URLs before entering login details, avoid clicking on suspicious links in emails or messages. The best way to safeguard yourself from malicious links is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

5) Keep your devices updated: Regularly update your devices and software to ensure you have the latest security patches.

6) Regularly monitor all your accounts: Monitor your accounts for suspicious activity and report any unusual transactions or login attempts to Apple.

APPLE RELEASES EMERGENCY SECURITY UPDATE FOR SERIOUS VULNERABILITY

Kurt’s key takeaway

Three months is a long time for a security flaw in a password manager to go unpatched, especially from a company that presents itself as a leader in privacy and security. This incident highlights a troubling reality. Apple’s security measures are not infallible, and even built-in system apps can expose users to serious risks. While the fix eventually arrived, it should not have taken this long for such a fundamental issue to be addressed. If Apple wants to maintain its privacy-first image, it needs to do better by ensuring more rigorous security testing before launch.

Do you think Apple is doing enough to stay ahead of evolving cyber threats or are there additional steps the company should take to protect its users? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Alert: Malware steals bank cards and passwords from millions of devices.

Ask Kurt a question or let us know what stories you’d like us to cover.

Follow Kurt on his social channels:

Answers to the most-asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.

Read the full article here

You Might Also Like

Canadian leader meets with Trump at Mar-a-Lago to discusses energy relationship

The top 3 factors heightening the risk of terror attacks on the homeland

Ex-Pelosi aide accuses Hakeem Jeffries of ‘squandering’ anti-Trump opportunities in stunning rebuke

‘Mississippi Musk’: State auditor’s MOGE report finds $400M in government waste

‘007’ series in turmoil as producers, Amazon can’t agree on franchise: ‘I don’t think James Bond is a hero’

Share This Article
Facebook Twitter Email Print
Leave a Comment

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

We Recommend
USA Fencing transgender controversy escalates at DOGE hearing with social media regrets, calls for resignation
News

USA Fencing transgender controversy escalates at DOGE hearing with social media regrets, calls for resignation

Jimmie Dempsey Jimmie Dempsey May 9, 2025
I Carry: Springfield Armory TRP 1911 AOS Pistol in an ANR Design Holster
Charles Barkley expresses concern about how Jordon Hudson is affecting Bill Belichick’s legacy
Biden stumbles over question about Harris’ timetable to win after he dropped out of race
Republican DA bucks blue state’s ‘broken sentencing’ with tough-on-crime approach
DHS defends ICE detainment of Georgia college student who violated traffic laws: ‘Not ignoring rule of law’
Randy Travis stages stunning comeback with help from AI after devastating stroke
News

Randy Travis stages stunning comeback with help from AI after devastating stroke

Jimmie Dempsey Jimmie Dempsey May 9, 2025
Amtrak bilked out of M by at least 119 employees, doctors in fraud scheme; many still on the job: report
News

Amtrak bilked out of $12M by at least 119 employees, doctors in fraud scheme; many still on the job: report

Jimmie Dempsey Jimmie Dempsey May 9, 2025
State trooper points to possible weapon in John O’Keefe death – and it’s not Karen Read’s car
News

State trooper points to possible weapon in John O’Keefe death – and it’s not Karen Read’s car

Jimmie Dempsey Jimmie Dempsey May 9, 2025
Pew Patriots
  • News
  • Tactical
  • Prepping & Survival
  • Guns and Gear
  • Videos
  • Blog
2024 © Pew Patriots. All Rights Reserved.
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?