Security researchers found that the Passwords app introduced with Apple Inc.'s AAPL iOS 18 was using unencrypted HTTP connections, exposing users to potential phishing attacks until a quiet fix was issued.
What Happened: Apple's standalone Passwords app, launched with iOS 18 as a more user-friendly alternative to Keychain, had a major security oversight.
For nearly three months, the app was fetching website icons and opening password reset pages using unencrypted HTTP connections.
The flaw was discovered by security researchers at Mysk, who noticed the app had contacted over 130 websites through insecure channels.
"This left the user vulnerable," the researchers told 9to5Mac. "An attacker with privileged network access could intercept the HTTP request and redirect the user to a phishing website."
In a demo, Mysk showed how attackers on public networks—like coffee shops or airports—could hijack HTTP requests and redirect users to convincing fake login pages.
Subscribe to the Benzinga Tech Trends newsletter to get all the latest tech developments delivered to your inbox.
Apple quietly fixed the vulnerability in iOS 18.2 in December, enforcing HTTPS by default for all connections within the Passwords app. However, the company only disclosed the issue publicly earlier this week.
Apple did not immediately respond to Benzinga's request for comments.
Why It's Important: Earlier this year, Apple also faced criticism for an alarm issue that persisted even after the release of iOS 18, leaving users oversleeping due to alarms not functioning correctly.
Additionally, a controversial bug in Apple’s AI-powered dictation system replaced the word “racist” with “Trump,” sparking widespread attention. These incidents highlight ongoing challenges Apple faces in maintaining software reliability and security.
In January, Apple released iOS 18.3, which addressed 29 security vulnerabilities, including some that were actively exploited.
Price Action: Apple shares closed Tuesday at $212.69, declining 0.61% during the regular session. However, in after-hours trading, the stock saw a modest increase of 0.15%, according to Benzinga Pro data.
Image via Shutterstock
Check out more of Benzinga’s Consumer Tech coverage by following this link.
Read Next:
Disclaimer: This content was partially produced with the help of AI tools and was reviewed and published by Benzinga editors.
Edge Rankings
Price Trend
© 2025 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.
Trade confidently with insights and alerts from analyst ratings, free reports and breaking news that affects the stocks you care about.
