Do you keep in mind Apple’s “Privacy. That’s iPhone” advertising campaigns? In case you’re not conscious, the corporate likes to painting its merchandise as being synonymous with privateness. Nonetheless, the latest wave of safety vulnerabilities affecting iPhones and Macs recommend Apple’s merchandise is probably not as safe as marketed.
A latest safety blunder solely reinforces this level. Safety researchers found that Apple’s built-in password supervisor app, Passwords, was susceptible to phishing assaults for almost three months after launch. This meant an attacker on the identical Wi-Fi community as you, like at an airport or espresso store, may redirect your browser to a lookalike phishing website to steal your login credentials.
An individual holding an iPhone (Kurt “CyberGuy” Knutsson)
What it’s essential know
Safety researchers at Mysk, observed that Apple’s Passwords app, launched with iOS 18 in September 2024, had a major safety flaw that left customers susceptible to phishing assaults for almost three months.
The app used unencrypted HTTP connections as a substitute of the safer HTTPS to fetch logos and icons displayed alongside saved passwords. This allowed attackers on the identical community, reminiscent of public Wi-Fi at a espresso store or airport, to intercept these requests and doubtlessly redirect customers to phishing websites designed to steal login credentials.
The problem remained unresolved from iOS 18’s launch in September 2024 till Apple fastened it in December 2024, leaving customers uncovered for almost three months. If somebody opened the Passwords app and tapped a hyperlink, like “Change Password,” whereas related to an insecure community, an attacker may intercept the request and redirect them to a fraudulent website mimicking a authentic one, reminiscent of a pretend Yelp login web page. Because the app didn’t implement HTTPS, customers won’t discover the change, placing their delicate info in danger.
A lady on her iPhone (Kurt “CyberGuy” Knutsson)
HOW TO PROTECT AN IPHONE & IPAD FROM MALWARE IN 2025
Apple has fastened the problem now
Apple addressed the issue after safety researchers from Mysk reported it in September 2024. The iOS 18.2 replace, launched in December, patched the vulnerability by imposing HTTPS for all community communications inside the Passwords app, making it a lot more durable for attackers to intercept or redirect site visitors.
In case you’re utilizing an iPhone or iPad with the Passwords app, guarantee your system is up to date to iOS 18.2 or later. This ensures you’re protected against this vulnerability. In case you haven’t up to date but and used the app on public Wi-Fi between September and December 2024, contemplate altering passwords for any accounts you accessed throughout that interval, simply to be protected.
The right way to replace the software program in your iPhone
Comply with the steps to replace your iPhone or iPad:
- Faucet on Settings
- Faucet on Common
- Faucet on Software program Replace
- If an replace is accessible, it will provide you with the choice to obtain and set up
Software program replace (Kurt “CyberGuy” Knutsson)
YOUR IPHONE HAS A HIDDEN FOLDER EATING UP STORAGE SPACE WITHOUT YOU EVEN KNOWING
6 methods you may keep protected from hackers concentrating on your passwords
Apple’s latest safety blunder with the Passwords app highlights the significance of taking steps to guard your digital id. Listed here are some methods you may keep protected from hackers concentrating on your passwords.
1) Use a dependable password supervisor: Apple apps are typically safer than third-party choices, however the Passwords app clearly wasn’t. The truth that the safety vulnerability existed for 3 months earlier than Apple fastened it proves that Apple must put extra emphasis on maintaining buyer knowledge safe. I’d recommend choosing a dependable password supervisor as a substitute of counting on Apple’s providing. Get extra particulars about my finest expert-reviewed password managers of 2025 right here.
2) Allow two-factor authentication (2FA): It’s good to have a password supervisor, however what’s even higher? 2FA. Including an additional layer of safety with 2FA can stop hackers from accessing your accounts, even when they steal your password. Use authentication apps like Google Authenticator, Microsoft Authenticator or {hardware} safety keys as a substitute of SMS-based codes, that are susceptible to SIM-swapping assaults.
3) Keep away from public Wi-Fi for delicate actions and use a VPN: Hackers can exploit unsecured public networks to intercept your login credentials. In case you should entry delicate accounts on public Wi-Fi, use a VPN to encrypt your web site visitors and stop attackers from snooping in your knowledge. VPNs will shield you from those that need to observe and determine your potential location and the web sites that you just go to. A dependable VPN is crucial for shielding your on-line privateness and guaranteeing a safe, high-speed connection. For the most effective VPN software program, see my knowledgeable evaluate of the most effective VPNs for shopping the net privately in your Home windows, Mac, Android and iOS units.
4) Watch out for phishing assaults and set up sturdy antivirus software program: You may have all of the safety on the planet however a phishing e-mail or SMS can nonetheless trigger havoc. Hackers usually use pretend login pages to trick you into coming into your credentials. At all times confirm URLs earlier than coming into login particulars, keep away from clicking on suspicious hyperlinks in emails or messages. One of the simplest ways to safeguard your self from malicious hyperlinks is to have antivirus software program put in on all of your units. This safety may also warn you to phishing emails and ransomware scams, maintaining your private info and digital belongings protected. Get my picks for the most effective 2025 antivirus safety winners on your Home windows, Mac, Android and iOS units.
5) Preserve your units up to date: Usually replace your units and software program to make sure you have the newest safety patches.
6) Usually monitor all of your accounts: Monitor your accounts for suspicious exercise and report any uncommon transactions or login makes an attempt to Apple.
APPLE RELEASES EMERGENCY SECURITY UPDATE FOR SERIOUS VULNERABILITY
Kurt’s key takeaway
Three months is a very long time for a safety flaw in a password supervisor to go unpatched, particularly from an organization that presents itself as a frontrunner in privateness and safety. This incident highlights a troubling actuality. Apple’s safety measures aren’t infallible, and even built-in system apps can expose customers to severe dangers. Whereas the repair finally arrived, it shouldn’t have taken this lengthy for such a elementary situation to be addressed. If Apple desires to take care of its privacy-first picture, it must do higher by guaranteeing extra rigorous safety testing earlier than launch.
Do you assume Apple is doing sufficient to remain forward of evolving cyber threats or are there further steps the corporate ought to take to guard its customers? Tell us by writing us at Cyberguy.com/Contact.
For extra of my tech ideas and safety alerts, subscribe to my free CyberGuy Report Publication by heading to Cyberguy.com/Publication.
Alert: Malware steals financial institution playing cards and passwords from tens of millions of units.
Ask Kurt a query or tell us what tales you would like us to cowl.
Comply with Kurt on his social channels:
Solutions to the most-asked CyberGuy questions:
New from Kurt:
Copyright 2025 CyberGuy.com. All rights reserved.
