Apple's Passwords App Had a Security Flaw for Years



A bug in the iOS Passwords app meant that iPhone users were vulnerable to potential phishing attacks for years before it was identified.

In a note on its security page, Apple described the problem as one that a user in a privileged network position might be able to use to leak sensitive information. The problem was fixed by using HTTPS when sending information over the network, the tech giant said.

The bug, which was first discovered by security researchers at Mysk, was reported in September, but it appears to have gone unfixed for several months. In a tweet on Wednesday, Mysk said Apple Passwords had used insecure HTTP by default since the feature for detecting compromised passwords was introduced in iOS 14, which was released back in 2020.

“iPhone users were vulnerable to phishing attacks for years, not months,” Mysk tweeted. “The iOS 18 Passwords app was a repackaging of the old password manager that was in Settings, and it carried along all of its bugs.”

However, the likelihood of someone falling victim to this bug is very low. The bug has also been addressed in security updates for other products, including the Mac, iPad and Vision Pro.

In a comment on a YouTube video posted by Mysk that highlights the problem, the researchers showed how the iOS 18 Passwords app opened links and downloaded account icons over insecure HTTP by default, making it vulnerable to phishing attacks. The video highlights how an attacker with access to the network could redirect requests to a malicious site.

According to 9to5Mac, the problem arises when the attacker is on the same network as the user, such as at a cafe or airport, and intercepts the HTTP request before it is redirected.
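The fix described above, as an added Python example that is not code from Apple, Mysk or the original article: `force_https` rewrites a stored site URL so the very first request is already encrypted, and `audit_chain` flags plaintext or off-domain hops in a recorded redirect chain. The function names, URLs and redirect chains are constructed for illustration.

```python
from urllib.parse import urlsplit, urlunsplit

def force_https(url):
    """Rewrite a stored site URL so the first request is already HTTPS."""
    if "://" not in url:                      # bare host such as "example.com"
        url = "https://" + url
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"not a web URL: {url!r}")
    host = parts.hostname                     # drops any user:password@ prefix
    if ":" in host:                           # IPv6 literal needs its brackets back
        host = f"[{host}]"
    if parts.port not in (None, 80, 443):     # keep only non-default ports
        host = f"{host}:{parts.port}"
    return urlunsplit(("https", host, parts.path or "/", parts.query, ""))

def audit_chain(hops):
    """Return (index, url, reason) for every risky hop in a redirect chain."""
    findings = []
    origin = urlsplit(hops[0]).hostname
    for i, url in enumerate(hops):
        parts = urlsplit(url)
        if parts.scheme != "https":
            findings.append((i, url, "plaintext hop: can be rewritten on the network"))
        host = parts.hostname or ""
        # Simplified same-site rule (assumption): exact host or a subdomain of it.
        if host != origin and not host.endswith("." + origin):
            findings.append((i, url, "left the stored site's domain"))
    return findings

# Constructed redirect chains (example.com and example.net are reserved names).
BEFORE = ["http://example.com/account/password",
          "https://example.com/account/password"]
TAMPERED = ["http://example.com/account/password",
            "https://login.example.net/account/password"]
AFTER = [force_https("http://example.com/account/password"),
         "https://example.com/account/password"]

if __name__ == "__main__":
    for name, chain in (("before", BEFORE), ("tampered", TAMPERED), ("after", AFTER)):
        print(name, audit_chain(chain))
```
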

Apple did not respond to a request to comment on the problem or provide more details.

Mysk said that the discovery of the bug did not qualify for a monetary bounty because it did not meet the impact criteria or fall into any of the eligible categories.

“Yes, it seems like charity work for a company worth $3 trillion,” the company tweeted. “We didn’t do it mainly for money, but this shows how Apple appreciates independent researchers. We spent a lot of time since September 2024 trying to persuade Apple that this was a bug. We are happy that we have succeeded. We will do it again.”

A possible security slip

Georgia Cook of ABI Research described the issue as “not a small bug.”

“It is a hell of a slip from Apple, really,” Cook said. “For the user, this is a vulnerability that shows a failure in basic security protocols, exposing them to a long-standing form of attack that requires limited sophistication.”

According to Cook, most people may not encounter this problem because it requires a specific set of conditions, such as choosing to update your login from a password manager, doing this on a public network and not noticing whether you are redirected. However, it is a good reminder of why you should update your devices regularly.

She added that people can take additional steps to protect themselves from these types of vulnerabilities, especially on shared networks. These include routing traffic through a virtual private network, avoiding sensitive transactions such as login changes on public Wi-Fi and not reusing passwords.




