Since iOS 18 launched, the new Passwords app has been using unencrypted HTTP to download icons for password entries—a serious #security risk. We reported this bug to #Apple in September, and it’s finally fixed in #iOS 18.2 (CVE-2024-54492).
The bug also impacts iPadOS and #macOS
Why does this matter? Watch 🎬 :
#cybersecurity #privacy #infosec
https://youtu.be/1vr2e6YeNuc
Mysk🇨🇦🇩🇪 /
npub1hl…cll68
2024-12-11 22:49:39
Author Public Key
npub1hl9dtxzw26qmafjsrg0kjnp82d5lq7e70axmea8qw2qxwv9acfqs6cll68Seen on
wss://relay.nostr.bandPublished at
2024-12-11 22:49:39Event JSON
{
"id": "5833fa2766f048cdc504738b7a4384ae321cc7fa39bc2fe5e271eff2707452bf",
"pubkey": "bfcad5984e5681bea6501a1f694c275369f07b3e7f4dbcf4e072806730bdc241",
"created_at": 1733957379,
"kind": 1,
"tags": [
[
"t",
"security"
],
[
"t",
"apple"
],
[
"t",
"iOS"
],
[
"t",
"macos"
],
[
"t",
"cybersecurity"
],
[
"t",
"privacy"
],
[
"t",
"infosec"
],
[
"proxy",
"https://mastodon.social/users/mysk/statuses/113636630798700926",
"activitypub"
]
],
"content": "Since iOS 18 launched, the new Passwords app has been using unencrypted HTTP to download icons for password entries—a serious #security risk. We reported this bug to #Apple in September, and it’s finally fixed in #iOS 18.2 (CVE-2024-54492). \nThe bug also impacts iPadOS and #macOS\nWhy does this matter? Watch 🎬 :\n#cybersecurity #privacy #infosec\n\nhttps://youtu.be/1vr2e6YeNuc",
"sig": "3476ef69af65e8e02e8ca5c950c65755fd9671c4714177c26501fd435cf4f11c5887394956e7a368566393c6e43a09d9f92eb90c0f73fae890016856b1f474b5"
}