Close Menu
News JournosNews Journos
  • World
  • U.S. News
  • Business
  • Politics
  • Europe News
  • Finance
  • Turkey Reports
  • Money Watch
  • Health
Facebook X (Twitter) Instagram
Latest Headlines:
  • Nvidia’s Jensen Huang Courts Beijing Amid Renewed Market Access in China
  • Volcanic Eruption in Iceland Forces Evacuation of Tourists from Blue Lagoon as Lava Approaches Grindavik
  • Humanity Faces Significant Losses, Says Spokesperson
  • Gun Seller Backed by Donald Trump Jr. Launches Stock Trading
  • Lightning Strike in New Jersey Leaves 1 Dead, 13 Injured
  • Used EV Batteries Poised to Power AI Growth
  • UK Inflation Data Reveals Key Trends for June
  • Hijacked Small Plane Grounds Flights at Vancouver International Airport
  • Experts Warn of Vulnerabilities in Federal E-Verify System Following Workplace Raids
  • Trial Commences Over Alleged Facebook Privacy Violations Involving CEO and Others
  • Controversy Surrounds Franco-Israeli Singer Amir at Francofolies de Spa Festival
  • Newsom Criticizes Trump’s National Guard Move, Urges Maturity
  • Potential Consequences of Trump’s Dismissal of Fed Chair Powell
  • Prince Harry Honors Diana’s Legacy by Advocating Against Landmines in Angola
  • Tsunami Warning Lowered to Advisory Following 7.2 Magnitude Earthquake near Alaska
  • Goldman Sachs Reports Q2 2025 Earnings Results
  • Rubio Calls Israeli Strike on Damascus a ‘Misunderstanding’ Amid Peace Efforts
  • Complete Skeleton of Medieval Knight Discovered Beneath Former Ice Cream Parlor in Poland
  • James Gunn Discusses “Superman”: Release Date, Character’s Immigrant Story, and Themes of Kindness
  • Assembly Discusses Olive Grove; Tanal’s Brief Action Sparks Varank’s Controversial Remarks
Facebook X (Twitter) Instagram
News JournosNews Journos
Subscribe
Sunday, July 27
  • World
  • U.S. News
  • Business
  • Politics
  • Europe News
  • Finance
  • Turkey Reports
  • Money Watch
  • Health
News JournosNews Journos
Apple and Google Address Passwords App Vulnerability Targeting Wi-Fi Security

Apple and Google Address Passwords App Vulnerability Targeting Wi-Fi Security

News EditorBy News EditorMarch 24, 2025 Tech 7 Mins Read

The recent discovery of a significant security vulnerability in Apple’s built-in password manager app, Passwords, has raised doubts about the security of Apple’s products, which the company has long promoted as synonymous with privacy. Security researchers revealed that the flaw allowed potential phishing attacks for nearly three months, from September to December 2024. The issue stemmed from the app’s use of unencrypted HTTP connections, making it susceptible to hackers exploiting public Wi-Fi networks to redirect users to fraudulent sites that could capture sensitive login credentials. Apple has since addressed the vulnerability, emphasizing the need for users to update their devices and take additional security precautions.

Article Subheadings
1) Overview of the Vulnerability
2) Apple’s Response and Fix
3) Safeguarding Digital Identities
4) How to Update iOS Devices
5) Conclusion and Implications for Users

Overview of the Vulnerability

In September 2024, security researchers from Mysk uncovered a severe flaw in Apple’s Passwords app, which was introduced as part of the iOS 18 update. This vulnerability persisted until December 2024, allowing attackers to exploit the app’s use of unencrypted HTTP connections rather than the more secure HTTPS protocol. The risk was particularly acute for users connecting to public Wi-Fi networks, such as in airports or coffee shops, where attackers could intercept unencrypted requests and redirect users to phishing sites. These sites could easily capture users’ login credentials by masquerading as legitimate platforms, thus compromising sensitive information.

For nearly three months, users of the Passwords app were at risk whenever they accessed accounts over public networks. If an individual were to click on a link, such as “Change Password,” without realizing the network security risks, they could fall victim to a malicious actor who had the ability to mislead them to a fraudulent web page, often indistinguishable from the real one. As no enforcement of HTTPS took place, users may not have been aware of the ongoing risks, resulting in a substantial number of potential credential thefts.

Apple’s Response and Fix

After the vulnerability was reported, Apple took prompt action and released an iOS 18.2 update in December 2024, aimed at addressing the issue. The update shifted all network communications within the Passwords app to enforce HTTPS, safeguarding users against potential interception of their login information. As a result of this patch, it has become significantly more challenging for attackers to execute phishing attempts via this app.

Users are now strongly urged to update their devices to the iOS 18.2 version or later to effectively mitigate the risks associated with this vulnerability. In addition, any users who accessed their passwords over public Wi-Fi during the vulnerability period should consider changing their passwords to enhance security against potential breaches. The quick response from Apple, emphasizing strong security protocols, reflects the company’s ongoing commitment to user safety while acknowledging the gravity of the situation.

Safeguarding Digital Identities

This incident underscores the critical need for all users to adopt more proactive security measures to safeguard their digital identities. Given that Apple’s Passwords app was not sufficiently secure, users should organize their security practices with multiple layers of protection. A suggested initial step is to utilize a reliable third-party password manager, as this could offer a more rugged security framework compared to the default options within Apple’s ecosystem.

Enabling two-factor authentication (2FA) is another highly recommended practice. By adding an extra layer of security, even if hackers manage to obtain a password, they would face additional barriers before gaining access to sensitive accounts. Utilizing authentication apps like Google Authenticator or hardware keys can provide enhanced security compared to SMS-based verification codes, which might be susceptible to interception.

Public Wi-Fi networks present additional vulnerabilities, and it is best to avoid accessing sensitive information when connected to these networks. If public access is necessary, using a Virtual Private Network (VPN) can encrypt your internet traffic, diminishing risks from potential attackers on the same network. Moreover, awareness of phishing attempts by verifying login urls or links before entering credentials adds another line of defense against cyber threats.

How to Update iOS Devices

For users uncertain about how to update their iPhones or iPads to the latest iOS version, the steps are straightforward. To initiate the update process, navigate to the Settings app, tap on General, then select Software Update. This section will indicate whether any updates are available for download and installation. Following these steps ensures that devices are equipped with the latest security patches, helping to improve overall security protocols and mitigate risks from existing vulnerabilities.

Regularly monitoring and maintaining devices is essential in the war against cyber threats. Keeping systems updated helps users stay one step ahead of potential vulnerabilities. Implementing frequent checks for suspicious account activities and reports can alert users to unauthorized access and ensure robust monitoring of their digital activities.

Conclusion and Implications for Users

The prolonged exposure to a security flaw within a prominent app like Apple’s Passwords highlights the need for continual vigilance and proactive measures among users. Although the company has patched the vulnerability, the incident raises critical questions about the effectiveness of security measures currently in place for protecting user data. If Apple wants to maintain its reputation as a leader in privacy and security, it must bolster its commitment to rigorous security checks and ensure timely updates to any vulnerabilities that arise.

Users must also take ownership of their security by integrating additional protective measures into their routines, such as regular updates, employing password managers, and practicing caution on public networks. This proactive approach can greatly diminish risks associated with data breaches and enhance the overall safety of personal information in an increasingly digital landscape.

No. Key Points
1 The Passwords app was vulnerable to phishing attacks for nearly three months.
2 Apple released a fix in December 2024, enforcing HTTPS across the app.
3 Users are urged to update to iOS 18.2 or later for enhanced security.
4 Adopting multi-layered security practices is essential for protecting digital identities.
5 Regular device updates and monitoring suspicious activity can further enhance security.

Summary

The security vulnerability in Apple’s Passwords app serves as a reminder of the challenges that even leading technology companies face in ensuring user privacy and security. As Apple works to bolster its measures following the recent incident, users are encouraged to remain vigilant and proactive in safeguarding their own information. Implementing robust security practices, keeping devices updated, and being aware of potential threats are critical steps in navigating an increasingly complex digital landscape. This incident showcases the need for unity between technology companies and users in the effort to create a more secure online environment for all.

Frequently Asked Questions

Question: What security measures did Apple take to fix the vulnerability?

Apple released an update in December 2024 that enforced HTTPS for all network communications within the Passwords app, closing the loophole that allowed phishing attacks.

Question: How can users check if their devices are secure?

Users can confirm if their devices are updated by going to Settings > General > Software Update to see if they have the latest version of iOS.

Question: What can users do to protect their identities online?

Users should adopt multi-layer security practices including using reputable password managers, enabling two-factor authentication, avoiding public Wi-Fi for sensitive activities, and regularly monitoring their accounts for unusual activity.

address app Apple Artificial Intelligence Blockchain Cloud Computing Consumer Electronics Cybersecurity Data Science E-Commerce Fintech Gadgets Google Innovation Internet of Things Mobile Devices Passwords Programming Robotics security Software Updates Startups targeting Tech Reviews Tech Trends Technology Virtual Reality vulnerability WiFi
News Editor
  • Website

As the News Editor at News Journos, I am dedicated to curating and delivering the latest and most impactful stories across business, finance, politics, technology, and global affairs. With a commitment to journalistic integrity, we provide breaking news, in-depth analysis, and expert insights to keep our readers informed in an ever-changing world. News Journos is your go-to independent news source, ensuring fast, accurate, and reliable reporting on the topics that matter most.

Keep Reading

Tech

Used EV Batteries Poised to Power AI Growth

6 Mins Read
Tech

Qatar Unveils Ambitious 3D-Printed Schools Initiative to Revolutionize Education

5 Mins Read
Tech

Cyborg Beetles Equipped with Backpacks Could Assist in Search and Rescue Operations

1 Min Read
Tech

Scammers Use Landline Identity Theft to Access Bank Accounts

6 Mins Read
Tech

Jack Dorsey Launches Bitchat App for Offline Messaging

5 Mins Read
Tech

Tesla Introduces Off-Grid Solar-Powered Oasis Supercharger

5 Mins Read
Mr Serdar Avatar

Serdar Imren

News Director

Facebook Twitter Instagram
Facebook X (Twitter) Instagram Pinterest
  • About Us
  • Get In Touch
  • Privacy Policy
  • Accessibility
  • Terms and Conditions
© 2025 The News Journos. Designed by The News Journos.

Type above and press Enter to search. Press Esc to cancel.