From iOS 18 when the Passwords app debuted to the iOS 18.2 update, users could have exposed passwords to a bad actor on a privileged network, but you're likely safe.Apple Passwords left users open to targeted phishing attacksApple released iOS 18 in September 2024 with the new Passwords app, but it relied on the less secure HTTP protocol, not HTTPS, when opening links or fetching icons. This meant a bad actor on a privileged network could intercept the HTTP request and redirect users to a fake website and harvest the login.Security research company Mysk uncovered this issue and reported it to Apple in September, and the Passwords app was patched in December with iOS 18.2. That means the vulnerability was live in the wild for those three months and continued to be for anyone running a release prior to iOS 18.2. Continue Reading on AppleInsider | Discuss on our Forums