Apple’s Passwords app was vulnerable to phishing attacks for nearly three months after launch

In iOS 18, Apple spun off its Keychain password management tool—previously only tucked away in Settings—into a standalone app called Passwords. It was the company’s first move at making credential management more convenient for users. It’s now been revealed that a serious HTTP bug left Passwords users vulnerable to phishing attacks for nearly three months, from the initial release of iOS 18 until the patch in iOS 18.2. more…

Mar 18, 2025 - 18:48
 0
Apple’s Passwords app was vulnerable to phishing attacks for nearly three months after launch

In iOS 18, Apple spun off its Keychain password management tool—previously only tucked away in Settings—into a standalone app called Passwords. It was the company’s first move at making credential management more convenient for users. It’s now been revealed that a serious HTTP bug left Passwords users vulnerable to phishing attacks for nearly three months, from the initial release of iOS 18 until the patch in iOS 18.2. more…