Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
An error in the iOS Password app iphone Users were sensitive to potential phishing attacks, probably after the years have been fixed.
In a note of the safety pageApple described the issue as “a user who can be leaked by sensitive information in a privileged network position.” The problem was fixed using HTTPS when sending information over the network.
The error discovered first by security researchers in Mysk, left behind in September, but it turned out that it was invented in several months. Wednesday, in one tweet, Musk said Apple Passwords used an invalid HTTP in the IOS 14 in IOS 14 in 2020.
“iPhone users have been sensitive to the attacks of Fish, not months, not months,” The application of special passwords in the IOS 18 was actually made with the repetition of the old Password manager in parameters. “
He said the victim of this mistake was very low. There were also security updates for other products, including Bug, Mac, iPad and Vision Pro.
At the start of a YouTube video Send Mysk, researchers opened the links to the IOS 18 password app, and insecure, making it sensitive to Phishing attacks, showed how HTTP account signs were opened. The video stressed how the network access can be required to demand and direct an aggressor to a malicious site.
According to 9to5macThe issue creates a problem when the user is in the same network as the aggressive is in a coffee shop or airport, cuts the HTTP request before redirecting.
Apple did not respond to a request for comments on the issue or provide additional information.
MySK said that the mistakes were not suitable for a monetary grace, because the impact did not meet the criteria or did not fall into any of the appropriate categories.
“Yes, it feels like doing charitable work for a $ 3 trillion company” company tweeted. “We did not do this in the first place, but it shows how Apple evaluates independent researchers. September 2024 has spent a lot of time since September.
A potential security slipup
Safety Analyst in the ABI research, Georgia Cooke called the topic of “small fries.”
“It really is the hell of a slower apple,” Cooke said. “This is a weakness that demonstrates failure in the main security protocols, which requires limited sophistication of the main security protocols.”
According to Cooke, most people probably do not enter this issue, because it requires a very special set of cases as you choose to update your entry from A Password managerIt does not matter if you do this in a public network and are redirected. He said so important why your devices are regularly updated.
He added that people can take additional steps to protect themselves in such vulnerabilities, especially in shared networks. This includes routing device traffic through a Virtual private networkPrevent sensitive operations such as credit changes in public Wi-Fi and not to use passwords.
