Apple just patched a security flaw left users open to phishing attacks

By Patrick Hearn Published March 19, 2025

Apple just shared news that a new security update is available that patches a critical vulnerability in the Apple Password App. If you haven’t yet updated your phone to the latest version of iOS, now’s a good time — it will prevent you from falling victim to previously unknown security flaws.

The security flaw allowed bad actors to access stored usernames and passwords. The Apple Password App makes it easy to quickly log in to a website using stored credentials, but it should only work over a secured network; in other words, the URL should begin with “HTTPS.” Security researchers first discovered the problem when more than 130 insecure websites (those that only used HTTP) had connected with the Password App.

Without proper verification in place, an attack could redirect a user to nearly identical websites designed to steal user credentials. Thankfully, the most recent patch corrects the problem by ensuring the Password app only uses HTTPS connections by default. That said, your iPhone needs to use at least iOS 18.2 or later.

You should aim to use the latest version of iOS whenever possible. Version 18.3.2 also addressed a security flaw that left iPhone users vulnerable to attack. While most operating system updates add new features, many address unintended glitches that pose a risk to the end user.

While it might not always be convenient to update the OS — especially if your phone’s storage is nearly maxed out and you have to free up space to download the update — it’s a good idea to do so, as it keeps your device more secure and protects your personal information from those that would seek to profit off it.