Apple's New Passwords App Left Users Exposed To Phishing Attacks For Months Due To Serious HTTP Flaw

Security researchers found that the Passwords app introduced with iOS 18 by Apple Inc. (AAPL) was using unencrypted HTTP connections, exposing users to potential phishing attacks until a quiet fix was issued.

What Happened: Apple's standalone Passwords app, launched with iOS 18 as a more user-friendly alternative to Keychain, had a major security oversight.

For nearly three months, the app was fetching website icons and opening password reset pages using unencrypted HTTP connections.


The flaw was discovered by security researchers at Mysk, who noticed the app had contacted over 130 websites through insecure channels. 

"This left the user vulnerable," the researchers told 9to5Mac. "An attacker with privileged network access could intercept the HTTP request and redirect the user to a phishing website."

In a demo, Mysk showed how attackers on public networks—like coffee shops or airports—could hijack HTTP requests and redirect users to convincing fake login pages.


Apple quietly fixed the vulnerability in iOS 18.2 in December, enforcing HTTPS by default for all connections within the Passwords app. However, the company only disclosed the issue publicly earlier this week.

Apple did not immediately respond to Benzinga's request for comment.

Why It's Important: Earlier this year, Apple also faced criticism for an alarm issue that persisted even after the release of iOS 18, causing users to oversleep when alarms did not function correctly.

Additionally, a controversial bug in Apple’s AI-powered dictation system replaced the word “racist” with “Trump,” sparking widespread attention. These incidents highlight ongoing challenges Apple faces in maintaining software reliability and security.

In January, Apple released iOS 18.3, which addressed 29 security vulnerabilities, including some that were actively exploited.

Price Action: Apple shares closed Tuesday at $212.69, declining 0.61% during the regular session. However, in after-hours trading, the stock saw a modest increase of 0.15%, according to Benzinga Pro data.


Disclaimer: This content was partially produced with the help of AI tools and was reviewed and published by Benzinga editors.
