- Apple’s password application has been paved after vulnerability was discovered
- The defect left users exposed for three months, experts claim
- Users were at risk of social engineering attacks
An error has been solved in the iOS 18.2 passwords that left users vulnerable to Phishing attacks for more than three months after its launch, has been solved, according to an Apple update.
The defect was discovered after MySK security investigators noticed that the privacy report of the application of their device showed that the password application had contacted 130 different websites on HTTP insecure traffic.
The application used the HTTP protocol instead of a safer HTTPS when opening links and downloading application icons. After additional investigation, the researchers found that the application was also predetermined to open the password restoration pages with the non -intertwined protocol. This left vulnerable users as an attacker “The privileged access of the network could intercept the HTTP application and redirect the user to a Phishing website,” 9TO5MAC researchers said.
Patch now
The risk in this attack is that cybercriminals will use vulnerability to carry out social engineering attacks redirecting victims to insecure websites.
The password application will now use HTTPS for all connections by default, so be sure that your Apple devices are updated and use iOS 18.2 or later.
The investigation has shown that security attacks on password administrators have fired in recent months, with reports that find a triple increase in malware that addresses credentials in passwords.
The attacks are also growing in sophistication, with cybercriminals that prioritize the “complex, prolonged and several stages” delivered attacks “delivered with a new generation of malware. This new malware, such as Infotealers, comes with more persistence, stealth and automation.
The best and most safe password tools will store, generate and automatically generate automatically automatically safely the passwords of their website and application. These can help you create and administer your unique and safe passwords without the discomfort of having to remember each one.
