Security researchers have discovered a security gap in an iOS app at Apple. Particularly surprising: the weak point remained undetected for months.
A recently discovered security gap at Apple's password app has potentially exposed users to the risk of phishing attacks. Security researchers found that the app via unsafe HTTP connections moved into data from 130 websites, which gave fraudsters the opportunity to transfer users to false websites. (via: “9to5mac”)
It was surprising for the researchers that the app did not rely on the safer HTTPS connections right from the start. Although the error was fixed in December, this has only been made public. The current version of the app now uses HTTPS by default to improve security.
iPhone users should now check their iOS version
To be optimally protected, users should ensure that they have installed at least iOS 18.2. This version minimizes the risk that the app will be affected by weaknesses in network attacks.
Public networks, such as in cafes or at airports, offer potential attackers the opportunity to intercept uncertain connections and to redirect users to deceptively real phishing sites in order to steal their access data.
