{"id":15677,"date":"2025-03-19T19:23:30","date_gmt":"2025-03-19T18:23:30","guid":{"rendered":"http:\/\/plus.maciejpiasecki.info\/index.php\/2025\/03\/19\/apple-users-passwords-were-exposed-for-months\/"},"modified":"2025-03-19T21:02:51","modified_gmt":"2025-03-19T20:02:51","slug":"apple-users-passwords-were-exposed-for-months","status":"publish","type":"post","link":"https:\/\/plus.maciejpiasecki.info\/index.php\/2025\/03\/19\/apple-users-passwords-were-exposed-for-months\/","title":{"rendered":"Apple users&#039; passwords were exposed for months"},"content":{"rendered":"<p>We don\u2019t hear about massive security issues affecting Apple users, but they do happen. No company is immune to hackers, and this latest bit of news is a doozy. According to a report, an Apple Passwords vulnerability left users\u2019 data exposed over the span of months.<br \/>\nCybersecurity is extremely important. Major companies like Google, Meta, Microsoft, and Apple have a ton of our data on their servers. What makes this worse is that they\u2019re the biggest targets for hackers. Apple is often the biggest fish in the pond, and it\u2019s constantly under attack from cyber criminals.<br \/>\nWell, researchers over at Mysk just discovered an issue with the iOS 18.2 Passwords app that should leave users worried. What\u2019s more worrying is the fact that this vulnerability has been present since December 2024.<br \/>\nAn Apple Passwords vulnerability left users\u2019 data exposed for months<br \/>\nMysk posted a YouTube video on Tuesday showing off this vulnerability and how it could affect users. The Passwords app stores users\u2019 passwords for different services. If you use the app to change a password for a service, it reaches out to that service through a link. That\u2019s pretty standard practice, but the issue is that the app was using the HTTP protocol, which is not secure.<br \/>\nIdeally, the app would reach out to services using the encrypted HTTPS protocol. The problem with using the unencrypted protocol is that a hacker could intercept the traffic coming from the app and send it to a phishing site that can steal the user\u2019s data.<br \/>\nIn the video below, we see that the Mysk researcher was able to send their traffic to a fake phishing site. Obviously, phishing sites aren\u2019t going to have a huge \u201cThis is a phishing website\u201d banner as we saw in the video. In the case of a real phishing site, it would be cleverly disguised to look like a legitimate website.<\/p>\n<p>Thankfully, Apple fixed it<br \/>\nThe company fixed this issue, so make sure you\u2019re using the latest version of the app. While it\u2019s great that Apple patched the issue, it\u2019s still surprising that this Apple Passwords vulnerability existed for three months. There\u2019s no telling how many people could have been negatively affected by it.<br \/>\nThe post Apple users&#8217; passwords were exposed for months appeared first on Android Headlines.&#013;<br \/>\n<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/plus.maciejpiasecki.info\/wp-content\/uploads\/2025\/03\/Apple-iPhone-16-Pro-AM-AH-22.jpg\" width=\"1600\" height=\"900\">&#013;<br \/>\nSource: ndroidheadlines.com&#013;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We don\u2019t hear about massive security issues affecting Apple users, but they do happen. No company is immune to hackers, [&hellip;]<\/p>\n","protected":false},"author":27,"featured_media":15678,"comment_status":"false","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-15677","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-bez-kategorii"],"_links":{"self":[{"href":"https:\/\/plus.maciejpiasecki.info\/index.php\/wp-json\/wp\/v2\/posts\/15677","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/plus.maciejpiasecki.info\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/plus.maciejpiasecki.info\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/plus.maciejpiasecki.info\/index.php\/wp-json\/wp\/v2\/users\/27"}],"replies":[{"embeddable":true,"href":"https:\/\/plus.maciejpiasecki.info\/index.php\/wp-json\/wp\/v2\/comments?post=15677"}],"version-history":[{"count":1,"href":"https:\/\/plus.maciejpiasecki.info\/index.php\/wp-json\/wp\/v2\/posts\/15677\/revisions"}],"predecessor-version":[{"id":15679,"href":"https:\/\/plus.maciejpiasecki.info\/index.php\/wp-json\/wp\/v2\/posts\/15677\/revisions\/15679"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/plus.maciejpiasecki.info\/index.php\/wp-json\/wp\/v2\/media\/15678"}],"wp:attachment":[{"href":"https:\/\/plus.maciejpiasecki.info\/index.php\/wp-json\/wp\/v2\/media?parent=15677"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/plus.maciejpiasecki.info\/index.php\/wp-json\/wp\/v2\/categories?post=15677"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/plus.maciejpiasecki.info\/index.php\/wp-json\/wp\/v2\/tags?post=15677"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}