Apple fixed a phishing vulnerability in the iOS 18.2 Passwords app that left users exposed for three months. The bug, discovered by security researchers at Mysk, allowed attackers on the same Wi-Fi network to redirect users to fake phishing sites by exploiting unencrypted requests for website icons.
Apple addressed the issue by enforcing HTTPS encryption in iOS, iPadOS, macOS and Vision Pro updates after being alerted in September.
Source: The Verge