Apple Passwords App Bug Left Users Vulnerable to Phishing Attacks for Months Before Being Fixed

by

Apple fixed a bug in its Passwords app with December's iOS 18.2 update that had left users vulnerable to phishing attacks in the three months since the launch of iOS 18.

Generic iOS 18 Passwords Feature
According to an Apple security update spotted by 9to5Mac, the Passwords app was sending unencrypted requests for the logos and icons associated with users' stored passwords.

Without protections of encryption, an attacker on the same Wi-Fi network could redirect a user's browser to a clone phishing site where login details could be stolen. The vulnerability was first discovered by developer Mysk's security researchers and reported in September.

Apple's iOS 18.2 security release notes described the bug like so:

Impact: A user in a privileged network position may be able to leak sensitive information

Description: This issue was addressed by using HTTPS when sending information over the network.


Apple lists the bug in security content updates for the Mac, iPad, and Vision Pro, indicating that this issue was fixed across multiple OSes.

Popular Stories

iOS 26

iOS 26.1 Coming Soon: New Features for Your iPhone and Release Date

Monday October 27, 2025 7:55 am PDT by
The upcoming iOS 26.1 update includes a handful of new features and changes for iPhones, including a toggle for changing the appearance of the Liquid Glass design, "slide to stop" for alarms in the Clock app, and more. Below, we outline key details about iOS 26.1. Release Date Given that Apple has yet to seed an iOS 26.1 Release Candidate, which is typically the final beta version, the...
Read Full Article
iOS 26

6 New Things Your iPhone Can Do in iOS 26.1

Wednesday October 29, 2025 4:22 am PDT by
Apple is about to drop iOS 26.1, the first major point release since iOS 26 was rolled out in September, and there are at least six notable changes and improvements to look forward to. We've rounded them up below. Apple has already provided developers and public beta testers with the release candidate version of iOS 26.1, which means Apple will likely roll out the update to all compatible...
Read Full Article57 comments
maxresdefault

Apple TV 4K Could Still Launch Before 2025 Ends: All the Rumored Features

Monday October 27, 2025 4:51 pm PDT by
Apple is designing an updated version of the Apple TV 4K, and rumors suggest that it could come out sometime in the next couple of months. We're not expecting a major overhaul with design changes, but even a simple chip upgrade will bring major improvements to Apple's set-top box. Subscribe to the MacRumors YouTube channel for more videos. We've rounded up all the latest Apple TV rumors. ...
Read Full Article158 comments
iOS 26

Apple Seeds iOS 26.1, iPadOS 26.1, and macOS Tahoe 26.1 Release Candidates

Tuesday October 28, 2025 1:07 pm PDT by
Apple today provided developers and public beta testers with the release candidate versions of upcoming iOS 26.1, iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, watchOS 26.1, and visionOS 26.1 updates for testing purposes. The RCs betas come a week after Apple released the fourth betas. The new betas can be downloaded from the Settings app on a compatible device by going to General > Software...
Read Full Article64 comments
M6 MacBook Pro Feature 1

M6 MacBook Pro: Release Date, Pricing, and What to Expect

Monday October 27, 2025 9:15 am PDT by
Apple this month refreshed the 14-inch MacBook Pro base model with its new M5 chip, and higher-end 14-inch and 16-inch MacBook Pro models with M5 Pro and M5 Max chips are expected to follow in early 2026. However, these machines will represent the final update to the current design, with Apple reportedly developing a completely new version of the MacBook Pro packed with next-generation hardware...
Read Full Article147 comments
iPhone 17 Pro Cosmic Orange

8 Reasons to Wait for Next Year's iPhone 18 Pro

Thursday October 30, 2025 4:42 am PDT by
Apple's iPhone development roadmap runs several years into the future and the company is continually working with suppliers on several successive iPhone models at the same time, which is why we often get rumored features months ahead of launch. The iPhone 18 series is no different, and we already have a good idea of what to expect for the iPhone 18 Pro and iPhone 18 Pro Max. One thing worth...
Read Full Article115 comments
macos tahoe

Here Are Apple's Release Notes for macOS Tahoe 26.1

Tuesday October 28, 2025 1:21 pm PDT by
Apple today provided developers and public beta testers with the release candidate version of macOS Tahoe 26.1, which means the update will likely see a public launch next week. The release candidate includes notes on what's in the update, so we have a full picture of the new features that Apple has included. macOS Tahoe 26.1 adds AutoMix support over AirPlay, improved FaceTime audio...
Read Full Article64 comments
ipad mini 7 feature blue

OLED iPad Mini: Release Date, Pricing, and What to Expect

Wednesday October 29, 2025 7:13 am PDT by
Rumors are stoking excitement for the next-generation iPad mini that Apple is reportedly close to launching. So what should we expect from the successor to the iPad mini 7 that Apple released over a year ago? Read on to find out. Processor and Performance Apple is working on a next-generation version of the iPad mini (codename J510/J511) that features the A19 Pro chip, according to...
Read Full Article66 comments
iPhone Car Key Kia

Another Vehicle Brand Gaining iPhone Car Keys Support

Tuesday October 28, 2025 5:27 am PDT by
Apple is preparing to bring support for its digital car key feature to Jetour vehicles, according to evidence uncovered on Apple's backend by MacRumors contributor Aaron Perris. Introduced in 2022, Car Keys allows an iPhone or Apple Watch to unlock a vehicle through the Wallet app. A digital version of a car key is stored in Wallet, and unlocking can be done by holding an Apple Watch or...
Read Full Article15 comments

Top Rated Comments

iBluetooth Avatar
iBluetooth
8 months ago
This bug is so basic that Apple must be embarrassed, as they should have some of their people verify security when they make their first passwords app, which is going to be used by millions ?
Score: 28 Votes (Like | Disagree)
code-m Avatar
code-m
8 months ago
Privacy and Security ?
Score: 13 Votes (Like | Disagree)
wanha Avatar
wanha
8 months ago

If this… and if that… and only if this…. There might be an opportunity to do something.

But it’s fixed now.

When someone comes up who has actually been affected then I’ll join the whingers and complain.

It’s like saying a driver could drive through a red light and cause an accident. But it didn’t happen!!! And until it does.
Did you just say that you'll only complain about people driving through red lights once they cause an accident?
Score: 13 Votes (Like | Disagree)
MrRom92 Avatar
MrRom92
8 months ago
And through all the betas of iOS 18 nobody caught this
Score: 12 Votes (Like | Disagree)
code-m Avatar
code-m
8 months ago

This bug is so basic, that Apple must be embarrassed as they should have some of their people verify security when the make their first passwords app, that is going to be used by millions ?
Needs to be on the local wifi network, if you are using public wifi even at school or work the potential of being compromised would be there. If only at home no biggy unless your neighbours are creeps.
Score: 10 Votes (Like | Disagree)
code-m Avatar
code-m
8 months ago

And through all the betas of iOS 18 nobody caught this
What’s surprising is the lack of HTTPS?

For this to work one must have knowledge of the vulnerability then create a fake website and hope the conditions are correct to exploit. Is it possible; yes, is it probable; no
Score: 7 Votes (Like | Disagree)
Read All Comments