Demand PasswordsThat Apple has introduced to simplify the management of identification information on its devices, was the center of recent controversy after discovering a serious vulnerability.
Researchers from the MYSBER Cybersecurity Company found that the tool exposed thousands of users to possible phishing attacks due to its use of HTTP connections without encryption. To find out more about how to avoid being the victim of these threats, you can read how Apple helps us identify their legitimate emails and avoid phishing.
This security gap would have been operational for several months, allowing attackers to access the interception of the network and to modify password restoration applications. This means that, under certain conditions, a user could have been redirected without making a false page designed to steal their identification information.
How the phishing attack worked
According to the analysis of the MySk expert, the problem was that the application Information requested on stored services without guaranteeing a safe connection. In simple terms, any striker connected to the same Wi-Fi network could intercept traffic and insert a fraudulent page instead of the legitimate site. This type of attack is frequent, as mentioned in the context of iPhone users who are subject to massive phishing.
This attack could have been carried out in a simple way in public networks, such as cafes or airports, where cybernetic criminals generally track the most dismissed victims. Once the user has entered the false page, the information was in the hands of the attacker, who could use it to illegally access their accounts.
Apple reacts with a solution in iOS 18.2
Although the problem has been revealed recently, Apple corrected vulnerability in December with update iOS 18.2. The solution implemented was the compulsory adoption of the protocol Https In application connections, which prevents attackers from exploiting the security gap. However, it is important to remember that online security also requires good practices, as you can read on safety advice for your iPhone.
However, the fact that this vulnerability has existed for so long without being detected raises doubts about Apple's security checks in its new applications. The company did not publicly point out the problem as long as the researchers stressed, which aroused concerns among users and cybersecurity experts.
The risks of blinding to trust password managers
These types of failures question reliability password managers integrated into operating systems. Although tools such as Apple passwords offer comfort and greater security in many aspects, No solution is completely infallible. The general recommendation remains to have the authentication of two factors (2FA) in all critical accounts, which adds a Additional protective layer In the event that identification information is compromised, in particular because it is essential to use the authentication of two factors to protect critical accounts such as iCloud.
In addition, it is essential that users keep their devices up to date with the most recent versions of iOS, because many of these vulnerabilities are only corrected with Software updates. Apple has strengthened the protocol of its application, but those who have not updated their operating system could always be exposed to the problem.
Safety leaks and gaps are a constant in the digital world, which underlines the need always pay attention to possible risks. This incident with Apple password application recalls that even safer tools can fail at some point. The best defense remains the combination of good cybersecurity practices and the use of advanced protective technologies.
Related article:
Apple helps us identify its legitimate emails and avoid phishing
