Small correction: iPhone users were vulnerable to phishing attacks for years, not months.
Apple Passwords had been using insecure HTTP by default since the feature to detect compromised passwords was introduced in iOS 14. The dedicated Passwords app in iOS 18 was essentially a repackaging of the old password manager that was in the Settings, and it carried along all of its bugs.
https://www.macrumors.com/2025/03/19/apple-passwords-app-phishing-vulnerability/
Mysk🇨🇦🇩🇪 /
npub1hl…cll68
2025-03-19 13:05:15
Author Public Key
npub1hl9dtxzw26qmafjsrg0kjnp82d5lq7e70axmea8qw2qxwv9acfqs6cll68Seen on
wss://relay.nostr.bandPublished at
2025-03-19 13:05:15Event JSON
{
"id": "1a4e713bf39e749e421596af788ecad48fa57f0f182b9220760dc1c043b33f56",
"pubkey": "bfcad5984e5681bea6501a1f694c275369f07b3e7f4dbcf4e072806730bdc241",
"created_at": 1742389515,
"kind": 1,
"tags": [
[
"proxy",
"https://mastodon.social/users/mysk/statuses/114189239286678360",
"activitypub"
]
],
"content": "Small correction: iPhone users were vulnerable to phishing attacks for years, not months.\n\nApple Passwords had been using insecure HTTP by default since the feature to detect compromised passwords was introduced in iOS 14. The dedicated Passwords app in iOS 18 was essentially a repackaging of the old password manager that was in the Settings, and it carried along all of its bugs.\n\nhttps://www.macrumors.com/2025/03/19/apple-passwords-app-phishing-vulnerability/",
"sig": "f28851e4b1a4ae92ee2a1bbc2810b7e8d650842e83c05fe2198d4bd48bd7368fee77cffe50a5065f94dc0919c13dc8b9ef80689711b7e039eca348152e07237b"
}