Remember Apple’s “privacy” iPhone marketing campaign? In case you missed it, the company likes to portray its products as synonymous with privacy. However, the recent wave of security vulnerabilities affecting iPhones and Macs suggests that Apple’s products may not be as secure as advertised.

A recent security failure only bolsters this point. Security researchers have discovered that Passwords, Apple’s built-in password manager app, was vulnerable to phishing attacks for nearly three months after its launch. This meant that an attacker on the same Wi-Fi network as you, such as at an airport or coffee shop, could redirect your browser to a lookalike phishing site and steal your login credentials.

What you need to know

Security researchers at Mysk noticed that Apple’s Passwords app, introduced in iOS 18 in September 2024, had a serious security flaw that left users vulnerable to phishing attacks for nearly three months.

The app used an unencrypted HTTP connection rather than the more secure HTTPS to fetch the logos and icons that appear alongside saved passwords. This could have allowed attackers on the same network, such as public Wi-Fi at coffee shops and airports, to intercept these requests and redirect users to phishing sites designed to steal login credentials.

The issue went unresolved from the release of iOS 18 in September 2024 until Apple fixed it in December 2024, leaving users exposed for nearly three months. If someone opened the Passwords app and tapped a link like “Change password” while connected to an unsecured network, an attacker could intercept the request and redirect it to a rogue site that mimics a legitimate one, such as a fake Yelp login page. Because the app didn’t force HTTPS, users might not notice the switch and could put sensitive information at risk.
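
To make the “force HTTPS” idea concrete, here is an added example (not Apple’s code and not part of the original article) of the check a client can apply before opening a saved site link: upgrade the link to HTTPS and refuse any redirect hop that falls back to cleartext. The function names, the subdomain rule and the sample URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit, urlunsplit

def force_https(url):
    """Return url rewritten to https://; raise ValueError if it is not a web URL."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ("http", "https") or not parts.hostname:
        raise ValueError(f"not a web URL: {url!r}")
    host = parts.hostname
    if ":" in host:                      # IPv6 literal needs its brackets back
        host = f"[{host}]"
    # Keep a non-default port; drop :80 so HTTPS is not aimed at the cleartext port.
    if parts.port not in (None, 80, 443):
        host = f"{host}:{parts.port}"
    return urlunsplit(("https", host, parts.path, parts.query, parts.fragment))

def audit_redirects(saved_url, locations):
    """List policy findings for the absolute Location URLs seen after opening saved_url."""
    findings = []
    expected = urlsplit(force_https(saved_url)).hostname
    for hop in locations:
        parts = urlsplit(hop)
        host = parts.hostname or ""
        if parts.scheme.lower() != "https":
            findings.append(f"cleartext hop refused: {hop}")
            break                        # a strict client stops instead of following
        # Assumption: only the saved host or one of its subdomains is expected.
        if host != expected and not host.endswith("." + expected):
            findings.append(f"host changed: {expected} -> {host}")
    return findings

# Constructed sample data (not from the article).
SAVED = "http://shop.example:80/change-password"
LEGIT = ["https://shop.example/account/password"]
DOWNGRADE = ["http://shop-example.test/signin"]
LOOKALIKE = ["https://shop-example.test/signin"]

if __name__ == "__main__":
    print(force_https(SAVED))
    for chain in (LEGIT, DOWNGRADE, LOOKALIKE):
        print(chain, "->", audit_redirects(SAVED, chain) or "ok")
```

HTTPS on its own does not stop a redirect to a lookalike domain that has its own valid certificate, which is why the example also reports a change of host.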

Apple has just fixed the issue

Apple addressed the issue after a report was made in September 2024 by security researchers at Mysk. The iOS 18.2 update, released in December, patched the vulnerability by forcing HTTPS for all network communications within the Passwords app, making it much more difficult for attackers to intercept or redirect traffic.

If you are using an iPhone or iPad with the Passwords app, make sure your device is updated to iOS 18.2 or later. This protects you from this vulnerability. If you used the app on public Wi-Fi between September and December 2024, before your device was updated, consider changing the passwords for the accounts you accessed during that period, and do so over a secure connection.

How to update software on your iPhone

Follow these steps to update your iPhone or iPad.

  • Tap Settings
  • Tap General
  • Tap Software Update
  • If an update is available, you will be given the option to download and install it

Six ways to stay safe from password-targeted hackers

The recent security failure in Apple’s Passwords app underscores the importance of taking steps to protect your digital identity. Below are some ways you can stay safe from password-targeted hackers:

1) Use a trusted password manager. Apple’s apps are usually more secure than third-party options, but the Passwords app clearly was not. The fact that a security vulnerability existed for three months before Apple fixed it shows that Apple needs to focus more on keeping customer data safe. Instead of relying on Apple’s offering, we recommend choosing a trusted password manager.

2) Enable two-factor authentication (2FA). It’s good to have a password manager, but do you know what’s even better? 2FA. It adds an additional layer of security: even if a hacker steals your password, 2FA can prevent them from accessing your account. Instead of SMS-based codes, use an authenticator app such as Google Authenticator or Microsoft Authenticator, or a hardware security key.

3) Avoid unsecured Wi-Fi for sensitive activities and use a VPN. Hackers can leverage unsecured public networks to intercept login credentials. If you need to access a sensitive account on public Wi-Fi, encrypt your internet traffic with a VPN to prevent attackers from snooping on your data. A VPN also protects you from those who want to track your location and the websites you visit. A trusted VPN is essential for protecting your online privacy and ensuring a secure, fast connection.

4) Beware of phishing attacks and install strong antivirus software. You can have all the protections in the world, but a phishing email or SMS can still cause havoc. Hackers often use fake login pages to trick you into entering your credentials. Always check the URL before entering your login details, and do not click suspicious links in emails or messages. The best way to protect yourself from malicious links is to install antivirus software on all your devices. This protection can also alert you to phishing emails and ransomware scams and keep your personal information and digital assets safe.

5) Keep your devices up to date. Regularly update your devices and software to make sure you have the latest security patches.

6) Monitor all accounts regularly. Monitor your accounts for suspicious activity and report abnormal transactions or attempts to log in to Apple.

Kurt’s key takeaways

Three months is too long for a security flaw in a password manager to go unpatched, especially from a company that presents itself as a privacy and security leader. This incident highlights a troubling reality: Apple’s security lapses can put users at serious risk, even in built-in system apps. The fix eventually arrived, but it should not have taken this long to address such a fundamental issue. If Apple wants to maintain its privacy-first image, it needs to do better by ensuring stricter security testing before launch.

Do you think Apple is doing enough to stay ahead of evolving cyber threats, or are there additional steps the company should take to protect its users? Write to us and let us know at cyberguy.com/contact.

Copyright 2025 cyberguy.com. Unauthorized reproduction is prohibited.