If you have an iPhone or iPad, you should update to iOS 18.2 now. Go ahead, we’ll wait. While it’s downloading, let us tell you about a critical flaw in Apple's Passwords app that needs to be patched immediately.
In iOS 18, Apple revealed the Passwords app which is a built-in password manager for all your login data. Recently though, a pair of security researchers on X shared a vulnerability they found in the way the Passwords app has been communicating with external websites.
The Passwords app is using unencrypted HTTP to download icons for password entries. This means that the app is communicating with the internet in an unsafe manner – every time it reaches out to a website to collect a visual icon to associate with a password entry, it opens itself up to a possible attack from a malicious network that could have instead sent back a faulty file. Those files could be a “malicious payload” containing malware delivered right to your phone.
Even if you’ve done everything right when setting up Apple's built-in password manager, this bug would still leave you vulnerable to hackers. However, by maintaining best practices on your own and installing updates as soon as they’re available, you can make sure you’re protected.
The rest of the iOS 18.2 update contains other features including an Apple Intelligence upgrade, with a new ChatGPT integration with Siri and additional Image Playground features.
How to stay safe
First off, obviously you’re going to want to update your iPhone to iOS 18.2. To do that go to Settings > General > Software Update where you should see iOS 18.2 and a description, from there you should then be able to tap Update Now to begin installing it.
Though Apple doesn’t have an iOS equivalent of the best Android antivirus apps due to its malware scanning restrictions, there are still some options. For example, some of the best Mac antivirus software from Intego will allow you to scan an iPhone or iPad for malware if you connect the device to a Mac via USB. Likewise, you could forego using Apple Passwords and pick up one of the best password managers instead if you want.
Hackers love to target users running outdated software which is why you're going to want to download and install iOS 18.2 immediately if you haven't done so already.
