Published March 24, 2025 10:00am EDT close 'CyberGuy': Is that iPhone app spying? What Apple's App Privacy Report can tell you Tech expert Kurt Knutsson urges you to use Apples App Privacy Report to see what your apps are really up to. Do you remember Apples"Privacy. That's iPhone" marketing campaigns? If youre not aware, the company likes to portray its products as being synonymous with privacy. However, the recent wave of security vulnerabilities affecting iPhones and Macs suggest Apples products may not be as secure as advertised.A recent security blunder only reinforces this point. Security researchers discovered that Apples built-in password manager app, Passwords, was vulnerable to phishing attacks for nearly three months after launch. This meant an attacker on the same Wi-Fi network as you, like at an airport or coffee shop, could redirect your browser to a lookalike phishing site to steal your login credentials.Stay protected & informed! Get security alerts & expert tech tips sign up for Kurts The CyberGuy Report now. A person holding an iPhone (Kurt "CyberGuy" Knutsson)What you need to knowSecurity researchers atMysk, noticed that Apple's Passwords app, introduced with iOS 18 in September 2024, had a significant security flaw that left users vulnerable to phishing attacks for nearly three months.The app used unencrypted HTTP connections instead of the more secure HTTPS to fetch logos and icons displayed alongside stored passwords. This allowed attackers on the same network, such as public Wi-Fi at a coffee shop or airport, to intercept these requests and potentially redirect users to phishing sites designed to steal login credentials.The issue remained unresolved from iOS 18s launch in September 2024 until Apple fixed it in December 2024, leaving users exposed for nearly three months. If someone opened the Passwords app and tapped a link, like "Change Password," while connected to an insecure network, an attacker could intercept the request and redirect them to a fraudulent site mimicking a legitimate one, such as a fake Yelp login page. Since the app did not enforce HTTPS, users might not notice the switch, putting their sensitive information at risk. A woman on her iPhone (Kurt "CyberGuy" Knutsson)Apple has fixed the issue nowApple addressed the problem after security researchers from Mysk reported it in September 2024. The iOS 18.2 update, released in December, patched the vulnerability by enforcing HTTPS for all network communications within the Passwords app, making it much harder for attackers to intercept or redirect traffic.If youre using an iPhone or iPad with the Passwords app, ensure your device is updated to iOS 18.2 or later. This ensures youre protected from this vulnerability. If you havent updated yet and used the app on public Wi-Fi between September and December 2024, consider changing passwords for any accounts you accessed during that period, just to be safe.How to update the software on your iPhoneFollow the steps to update your iPhone or iPad:Tap onSettingsTap onGeneralTap onSoftware UpdateIf an update is available, it will give you the option to download and install Software update (Kurt "CyberGuy" Knutsson)6 ways you can stay safe from hackers targeting your passwordsApple's recent security blunder with the Passwords app highlights the importance of taking steps to protect your digital identity. Here are some ways you can stay safe from hackers targeting your passwords.1) Use a reliable password manager:Apple apps are generally more secure than third-party options, but the Passwords app clearly wasnt. The fact that the security vulnerability existed for three months before Apple fixed it proves that Apple needs to put more emphasis on keeping customer data secure. Id suggest opting for a reliable password manager instead of relying on Apples offering. Get more details about mybest expert-reviewed password managers of 2025 here.2) Enable two-factor authentication (2FA): Its good to have a password manager, but you know whats even better? 2FA.Adding an extra layer of security with 2FA can prevent hackers from accessing your accounts, even if they steal your password. Use authentication apps like Google Authenticator, Microsoft Authenticator or hardware security keys instead of SMS-based codes, which are vulnerable to SIM-swapping attacks.3) Avoid public Wi-Fi for sensitive activities and use a VPN:Hackers can exploit unsecured public networks to intercept your login credentials. If you must access sensitive accounts onpublic Wi-Fi, use a VPN to encrypt your internet traffic and prevent attackers from snooping on your data. VPNs will protect you from those who want to track and identify your potential location and the websites that you visit. A reliable VPN is essential for protecting your online privacy and ensuring a secure, high-speed connection.4) Beware of phishing attacks and install strong antivirus software:You can have all the protection in the world but a phishing email or SMS can still cause havoc. Hackers often use fake login pages to trick you into entering your credentials. Always verify URLs before entering login details, avoid clicking on suspicious links in emails or messages. The best way to safeguard yourself from malicious links is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.5) Keep your devices updated: Regularlyupdate your devices and software to ensure you have the latest security patches.6) Regularly monitor all your accounts:Monitor your accounts for suspicious activity and report any unusual transactions or login attempts to Apple.Kurt's key takeawayThree months is a long time for a security flaw in a password manager to go unpatched, especially from a company that presents itself as a leader in privacy and security. This incident highlights a troubling reality. Apples security measures are not infallible, and even built-in system apps can expose users to serious risks. While the fix eventually arrived, it should not have taken this long for such a fundamental issue to be addressed. If Apple wants to maintain its privacy-first image, it needs to do better by ensuring more rigorous security testing before launch.Do you think Apple is doing enough to stay ahead of evolving cyber threats or are there additional steps the company should take to protect its users? Let us know by writing us atCyberguy.com/Contact.For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading toCyberguy.com/Newsletter.Alert:Malware steals bank cards and passwords from millions of devices.Follow Kurt on his social channels:Answers to the most-asked CyberGuy questions:New from Kurt:Copyright 2025 CyberGuy.com.All rights reserved. Kurt "CyberGuy" Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on "FOX & Friends." Got a tech question? Get Kurts free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.