Apple Fixes Passwords App Vulnerability Enabling Wi-Fi Attacks скачать в хорошем качестве

Apple Fixes Passwords App Vulnerability Enabling Wi-Fi Attacks

The company has always tried to associate its devices with security and privacy. However, a recent wave of security vulnerabilities affecting iPhones and Macs raises doubts about how secure their products truly are. A recent incident only strengthens these concerns. Security researchers discovered that Apple's built-in password manager app, Passwords, was vulnerable to phishing attacks for nearly three months after its launch. This meant that an attacker on the same Wi-Fi network as you, like in an airport or coffee shop, could redirect your browser to a fake phishing site to steal your login credentials. Security researchers at Mysk found that Apple’s Passwords app, introduced with iOS 18 in September 2024, had a significant flaw. The app used unencrypted HTTP connections instead of secure HTTPS to fetch logos and icons displayed alongside stored passwords. This allowed attackers on the same network, such as public Wi-Fi at a coffee shop or airport, to intercept these requests and potentially redirect users to phishing sites designed to steal login credentials. The issue remained unresolved from the launch of iOS 18 in September 2024 until Apple fixed it in December 2024, leaving users exposed for nearly three months. If someone opened the Passwords app and clicked a link like "Change Password" while connected to an insecure network, an attacker could intercept the request and redirect them to a fraudulent site pretending to be a legitimate one, such as a fake login page for Yelp.