Breaking
December 12, 2024

Apple fixes Passwords app security bug with new 18.2 update chiara.castro@futurenet.com (Chiara Castro) | usagoldmines.com

Apple has finally fixed a security bug with its new password manager app which could have put your data at risk.

The provider first introduced Passwords with the long-awaited iOS 18 update as a built-in application to help you manage your login details and alert you if they’re compromised in a data breach. Developer and security researcher Tommy Mysk, however, found a vulnerability in its system soon after the launch.

Apple confirmed that the new 18.2 operating system update has solved the issue that an attacker could have exploited to “alter network traffic. ” Mysk now urges everyone to upgrade all their Apple devices to the latest version to patch the critical issue as soon as possible.

iOS 18.2 security update

“Since iOS 18 launched, the new Passwords app has been using unencrypted HTTP to download icons for password entries – a potential security risk. We reported this bug to Apple in September, and it’s finally fixed in iOS 18.2 (CVE-2024-54492),” Mysk wrote on X on Wednesday, December 11, 2024.

HTTP (Hypertext Transfer Protocol) refers to a set of rules that allow us to communicate data on the Internet and is used to load webpages. As the iOS expert explains (see video below), malicious networks can easily intercept and manipulate insecure HTTP.

The problem was that every time you added a new password, Passwords got the account’s icon from the added website (say, gmail.com, for example) and called the website over the insecure HTTP protocol.

“This malicious network overwrites the response to return a custom icon,” said Mysk. “Passwords picked the custom icon and showed it in the app. This could be a malicious payload.”

“This issue was addressed by using HTTPS when sending information over the network,” confirmed Apple in its 18.2 security update release.

The Passwords fix is now available for all devices (iPhone and iPad 18.2, as well as macOS Sequoia 15.2) after upgrading to the latest version.

Mysk urges everyone to upgrade their devices as soon as possible, noting that also another security company, Tenable, classified the vulnerability as “critical.”

The 18.2 update isn’t just about fixing vulnerabilities, though. The release is probably the biggest Apple Intelligence upgrade for iPhone, iPad, and Mac so far, in fact, bringing some of the most-anticipated Apple AI features to devices including Genmoji, Image Playground, and a ChatGPT-powered Siri.

Most notably, Apple Intelligence finally extends its support for Australia, Canada, Ireland, New Zealand, South Africa, and the UK.

​ 

This articles is written by : Nermeen Nabil Khear Abdelmalak

All rights reserved to : USAGOLDMIES . www.usagoldmines.com

You can Enjoy surfing our website categories and read more content in many fields you may like .

Why USAGoldMines ?

USAGoldMines is a comprehensive website offering the latest in financial, crypto, and technical news. With specialized sections for each category, it provides readers with up-to-date market insights, investment trends, and technological advancements, making it a valuable resource for investors and enthusiasts in the fast-paced financial world.

Recent:

YouTube TV is hiking its monthly price, again | usagoldmines.com
This 27-inch Dell IPS gaming monitor is an incredible $150 today | usagoldmines.com
Here’s All the Cool Stuff Android XR Wants to Do Kellen | usagoldmines.com
The Best Chrome Extensions of 2024, According to Google Pranay Parab | usagoldmines.com
The ‘Magic Basket’ Method Breaks Decluttering Into Two Manageable Steps Lindsey Ellefson | usagoldmi...
New Mac Pro and an 'Extreme' Chip: Here's What the Latest Rumors Say Joe Rossignol | usagoldmines.co...
Haunted Chocolatier - everything we know elie.gould@futurenet.com (Elie Gould) | usagoldmines.com
Comcast plans to launch another streaming service in 2025 – here's what that means for Peacock | us...
Another major WordPress plugin has been hacked to try and hijack your sites | usagoldmines.com
Wix just made it easier to engage with your website visitors | usagoldmines.com
Anker’s tipped next wireless power bank could be the iPhone’s best MagSafe option yet jamie.richards...
AI helps ID paint chemistry of Berlin Wall murals Jennifer Ouellette | usagoldmines.com
Sending files from iPhone to Windows just got a lot faster and easier | usagoldmines.com
How GPU hardware acceleration works with Linux | usagoldmines.com
Get this Dell laptop with Core i5 for the super-budget price of $300 | usagoldmines.com
Samsung’s 34-inch 1440p ultrawide monitor drops 42% to its best price ever | usagoldmines.com
Android XR is Official as Google’s Extended Reality Platform, Samsung Shows Off First Headset Kellen...
How to Browse the Dark Web David Nield | usagoldmines.com
What People Are Getting Wrong This Week: CEO Shooter Conspiracy Theories Stephen Johnson | usagoldmi...
AirPods Pro 2 Hearing Aid and Hearing Test Features Approved to Launch in Canada Joe Rossignol | usa...
Apple Watch Ultra 2 Drops to $719.00 Low Price on Amazon With Christmas Delivery Mitchel Broussard |...
Apple Expands iPhone Driver's License Feature to 10th Location Joe Rossignol | usagoldmines.com
Four key steps to creating a DEX Operations Centre | usagoldmines.com
Gemini 2.0 is here, as Google continues push towards agentic AI | usagoldmines.com
Google and Samsung reveal Project Moohan mixed-reality headset and Android XR, 'the first platform b...
Hollow Knight Silksong - everything we know | usagoldmines.com
Dune Awakening - everything we know so far | usagoldmines.com
Phantom Blade Zero - everything we know so far | usagoldmines.com
Apple TV Plus scores the streaming rights to All of You, a sci-fi romance from the co-creator of Shr...
Assassin's Creed Shadows' new combat overview details how skills, offensive attacks, and weapons are...
In an odd bit of propaganda, Belarus claims to have its own Starlink technology Eric Berger | usagol...
YouTube TV is hiking prices again after denying “erroneous” report days ago Kevin Purdy | usagoldmin...
Weight loss drugs may also treat addiction, Alzheimer’s, and heart disease Ian Johnston and Michael ...
Intel Arc B580 review: The first worthy budget GPU of the decade | usagoldmines.com
Adobe Acrobat Pro review: Still the gold standard | usagoldmines.com
The Windows 11 24H2 update is no longer blocked on these PCs | usagoldmines.com
YouTube TV Raises Price Yet Again, This Time to $82.99 in January Kellen | usagoldmines.com
You Should Plan Your 2025 Travel During These 'Dead Weeks' Emily Long | usagoldmines.com
You Can Get the Sonos Ace Wireless Headphones for Their Lowest Price Ever Right Now Pradershika Shar...
BMW’s iconic M3 is going electric – and I hope battery packs and e-motors don't destroy what makes i...
Assassin's Creed Infinity - everything we know so far | usagoldmines.com
Want to remove information about yourself online? You're not alone | usagoldmines.com
From gut feeling to data-driven strategy: AI’s role in holiday retail success | usagoldmines.com
This devious new malware technique looks to hijack Windows itself to avoid detection | usagoldmines...
Independent auditors confirm Mullvad VPN as secure chiara.castro@futurenet.com (Chiara Castro) | usa...
What is phishing and how dangerous is it? | usagoldmines.com
Garmin's 2024 data revealed – find out how good your stress and sleep scores are now stephen.warwick...
Intel Arc B580 review: The first worthy budget GPU of the decade | usagoldmines.com
Pokemon TCG Pocket Gets First Expansion Called “Mythical Island” on December 17 Kellen | usagoldmine...
Apple Just Patched These 20 Security Vulnerabilities With iOS 18.2 Jake Peterson | usagoldmines.com
Why a Chest Strap Is the Best Way to Track Your Heart Rate During Exercise Beth Skwarecki | usagoldm...
iOS 18 Updates Continue to Cause Delays in Apple's iOS 19 Plans Tim Hardwick | usagoldmines.com
Sony reveals that the transition of players from PS4 to PS5 is 'trending well' but doesn't see a 'ma...
I can’t keep track of all the Yellowstone spin-offs on Paramount Plus and yet another is reportedly ...
You've got more time – the great Google Maps Timeline switch gets a new deadline date | usagoldmine...
Krispy Kreme orders across the US disrupted after cyberattack | usagoldmines.com
Apple might have ditched plans for an M4 Extreme chip in favor of AI - and I think that's for the be...
Whoops! Apple seemingly just leaked its M4 MacBook Airs thanks to the macOS 15.2 update matthew.hans...
Microsoft announces that Xbox Insiders with Game Pass Ultimate can now stream select games on consol...
Samsung Galaxy S25 Ultra predicted colors: every rumored shade | usagoldmines.com
Thousands of Bitcoin ATM users may have personal data leaked after breach | usagoldmines.com
Mike Flanagan has written a Clayface movie and I can't wait to see his take on an underrated Batman ...
NASA’s boss-to-be proclaims we’re about to enter an “age of experimentation” Stephen Clark | usagold...
Major iPhone 17 Pro Redesign Backed by Supply Chain Info, Claims Leaker Tim Hardwick | usagoldmines....
Rising to the TOPS: How will NPUs and Windows AI grow in 2025? | usagoldmines.com
I’m a Windows guy. This little-known feature makes Macs more tolerable | usagoldmines.com
iOS 18.2 Mail Sorting Features Strangely Absent on iPad and Mac Tim Hardwick | usagoldmines.com
Thanks to Natural Language Search, your HomePod can now play you songs about cats | usagoldmines.co...
Workers are being punished for ignoring AI advice – even when they know better | usagoldmines.com
Final's new flagship headphones are incredible, and incredibly expensive | usagoldmines.com
Bad news, Blu-ray fans: LG just discontinued its entire range of 4K Blu-ray players and I’m really w...
Back where it started: “Do Not Track” removed from Firefox after 13 years Kevin Purdy | usagoldmines...
Leak seems to reveal that Epic Games Store will offer 16 free games for the holidays dash.wood@futur...
Sony confirms its intention to acquire FromSoftware parent company Kadokawa, but one analyst says th...
The Astro Bot Winter Wonder update is coming this week, adding a new Christmas-themed level and more...
The iPhone 17 could inherit the Pixel 9’s most distinctive design feature | usagoldmines.com
Microsoft will still let Windows 11 users send a fax, should they ever want that | usagoldmines.com
Got a Windows 11 gaming handheld like the Asus ROG Ally? You’re going to appreciate the changes Micr...
Data management and quality are falling short when it comes to what's needed for AI adoption | usag...
Microsoft finally delivers AirDrop-style file sharing between iPhones and PCs – here's how it works ...
Your Google Docs work may be about to be more beautiful than ever before | usagoldmines.com
IT decision makers are blindly trusting suppliers and wasting tech, research shows | usagoldmines.c...
iOS 18.2: Take a Hearing Test With AirPods Pro 2 Tim Hardwick | usagoldmines.com
OpenAI shows us how Apple Intelligence works with ChatGPT, which then promptly crashes erichs211@gma...
Europol announces takedown of major DDoS-for-hire network benedict.collins@futurenet.com (Benedict C...
Creature Commandos episode 3 proves James Gunn won't be afraid to kill his DCU darlings – the Max sh...
Best laptops 2024: Premium, budget, gaming, 2-in-1s, and more | usagoldmines.com
This high speed flash drive with USB-C and USB-A connections could make cloud storage obsolete | us...
Google says its next data centers will be built alongside wind and solar farms | usagoldmines.com
Dodge keeps true to its roots with the first electric Charger muscle car Jonathan M. Gitlin | usagol...
No, you can't run Windows on its tiny screen; minuscule mini PC has built-in display, fingerprint re...
The Best Free Way to Get Around a Paywall to Read an Article (and a Few More Methods to Try) Pranay ...
For the First Time, You’ll Be Able to Stream the Oscars Elizabeth Yuko | usagoldmines.com
Three Great Deals on iPads That Will Arrive Before Christmas Daniel Oropeza | usagoldmines.com
Seven Custom Lists I Use on My Hearth Display (and How to Make Them) Jordan Calhoun | usagoldmines.c...
Quordle today – my hints and answers for Thursday, December 12 (game #1053) | usagoldmines.com
NYT Strands today — my hints, answers and spangram for Thursday, December 12 (game #284) | usagoldm...
NYT Connections today — my hints and answers for Thursday, December 12 (game #550) | usagoldmines.c...
ChatGPT and Sora are down – here’s what you need to know about OpenAI's outage jacob.krol@futurenet....
Best PC computer holiday deals: Top picks from desktops to all-in-ones | usagoldmines.com

Leave a Reply