Apple fixes the application of password application by enabling Wi-Fi attacks

Do you remember “Privacy Marketing campaigns. That is Apple iPhone”? If it is not aware, the company likes to portray its products as a synonym for privacy. However, the recent wave of security vulnerabilities that affect iPhones and Macs suggest that Apple products may not be as safe as it is announced.

A recent security error only reinforces this point. Security investigators discovered that the application of the built -in password administrator, passwords, was vulnerable to Phishing attacks for almost three months after launch. This meant that an attacker in the same Wi-Fi network as you, as in an airport or cafeteria shop, could redirect your browser to a similar phishing site to steal your login credentials.

Stay protected and informed! Get security alerts and expert technology advice: register in the Kurt Cyberguy report now.

What you need to know

MySK security researchers noticed that Apple’s password application, presented with iOS 18 in September 2024, had a significant security defect that left users vulnerable to Phishing attacks for almost three months.

The application used HTTP connections without encrypting instead of the safest HTTP to obtain logos and icons that are shown together with the stored passwords. This allowed the attackers in the same network, such as public Wi-Fi in a cafeteria or airport, intercepted these requests and potentially redirect users to the phishing sites designed to steal login credentials.

The problem remained unsolved from the launch of iOS 18 in September 2024 until Apple fixed it in December 2024, leaving users exposed for almost three months. If someone opened the password application and took advantage of a link, such as “change password”, while connected to an insecure network, an attacker could intercept the application and redirect them to a fraudulent site imitating a legitimate one, as a login page of false Yelp. Since the application did not apply HTTPS, users may not notice the switch, putting their confidential information at risk.

How to protect an iPhone and an iPad from malware in 2025

Apple has solved the problem now

Apple approached the problem after mysk security researchers reported it in September 2024. The update of iOS 18.2, published in December, poured vulnerability by enforcing HTTP for all network communications within the password application, which makes it much more difficult for attackers to intercept or redirect traffic.

If you are using an iPhone or iPad with the passwords application, make sure your device is updated to iOS 18.2 or later. This ensures that it is protected from this vulnerability. If you have not yet updated and used the public Wi-Fi application between September and December 2024, consider changing the passwords for any account to access during that period, just to be sure.

How to update the software on your iPhone

Follow the steps to update your iPhone or iPad:

• Leverage Settings
• Leverage General
• Leverage Software update
• If there is an available update, you will give you the option to download and install

Your iPhone has a hidden folder that eats storage space without you knowing

6 ways in which you can keep safe from computer pirates aimed at their passwords

Apple’s recent security error with the Passwords application highlights the importance of taking measures to protect your digital identity. Here are some ways in which you can keep safe from computer pirates aimed at their passwords.

1) Use a reliable password administrator: Apple applications are generally safer than third -party options, but the password application clearly. The fact that security vulnerability existed for three months before Apple fixes it, shows that Apple needs to put more emphasis on keeping customer data safe. I would suggest opting a reliable password administrator instead of trusting Apple’s offer. Get more details about me The best password administrators reviewed by experts of 2025 here.

2) enable two factors authentication (2FA): It is good to have a password administrator, but do you know what is even better? 2fa. Add an additional security layer with 2FA You can prevent computer pirates from accessing their accounts, even if they steal their password. Use authentication applications such as Google Authenticator, Microsoft Authenticator or Hardware Security Keys instead of SMS -based codes, which are vulnerable to SIM exchange attacks.

3) Avoid public Wi-Fi for sensitive activities and use a VPN: Computer pirates can exploit unwanted public networks to intercept their login credentials. If you must access confidential accounts in Public wi-fiuse a VPN to encrypt your Internet traffic and prevent attackers from making your data. The VPNs will protect it from those who wish to track and identify their potential location and the websites that visit. A reliable VPN is essential to protect your online privacy and guarantee a safe high -speed connection. To obtain the best VPN software, see my expert review of the best VPN to navigate the web in private in your Windows, Mac, Android and iOS devices.

4) Be careful with phishing attacks and install strong antivirus software: It can have all the protection of the world, but a Phishing or SMS email can still wreak havoc. Computer pirates often use false login pages to deceive it to enter their credentials. Always check the URL before entering the login details, avoid clicking suspicious links in emails or messages. The best way to safeguard the malicious links is to have the antivirus software on all its devices installed. This protection can also alert it to the PHISHING Electronic Correos and Ransomware scams, maintaining their personal information and their safe digital assets. Get my elections for the best antivirus protection winners 2025 for your Windows, Mac, Android and iOS devices.

5) Keep your updated devices: Regularly Update your devices and software to make sure you have the last security patches.

6) Regularly monitor all your accounts: Monitor your accounts for suspicious activity and report any unusual transaction or login attempt for Apple.

Apple publishes the emergency security update for severe vulnerability

Kurt key takeway

Three months is a long time for a security defect in a password administrator not to look, especially a company that is presented as a privacy and security leader. This incident highlights a worrying reality. Apple security measures are not infallible, and even incorporated system applications can expose users to serious risks. While the solution finally came, it should not have taken so long to address such a fundamental problem. If Apple wants to maintain its privacy image first, you must make it better guaranteeing more rigorous security tests before launch.

Do you think Apple is doing enough to stay at the forefront of evolving cyber threats or there are additional steps that the company should take to protect its users? Get us knowing in Cyberguy.com/contact.

To obtain more technological tips and safety alerts, subscribe to my free Cyberguy Report newsletter when you head Cyberguy.com/newsletter.

Alert: Malware steals bank cards and passwords from millions of devices.

Ask Kurt a question or let us know what stories we would like to cover.

Follow Kurt in his social channels:

• Facebook
• YouTube
• Instagram

Answers to the most informed Cyberguys questions:

• What is the best way to protect your MAC devices, Windows, iPhone and Android to be pirate?
• What is the best way to stay private, safe and anonymous while navigating the web?
• How can I get rid of robocalls with data elimination applications and services?
• How do I eliminate my private internet data?

New Kurt:

• Try the new Cyberguy games (crosswords, words searches, trivia and more!)
• Cyberguy exclusive coupons and offers

Copyright 2025 Cyberguy.com. All rights reserved.