Apple closed the security vulnerability in the Passwords app only months later

In September 2024, Apple launched iOS 18 and the new Passwords application. The Passwords application used the less secure HTTP protocol, not HTTPS, when opening links or fetching icons. This meant that an attacker with privileged network access could intercept the HTTP request, redirect the user to a fake website, and collect login information. The security research company Mysk discovered this problem and reported it to Apple in September. However, Apple left this security hole open until the iOS 18.2 update.

The security vulnerability in the Passwords application was closed with iOS 18.2

Nowadays, most modern websites accept unencrypted HTTP connections but automatically redirect them to HTTPS using 301 redirects. Before the iOS 18.2 update, requests from the Passwords application were likewise redirected from HTTP to HTTPS. Under normal circumstances, this might not seem like a problem, because password changes occur on an encrypted page and credentials are not sent in plaintext. However, when an attacker is connected to the same network (e.g., Starbucks, airport, or hotel Wi-Fi) and intercepts the first HTTP request before it is redirected, it is possible to manipulate the traffic in several ways. How this takes place is shown in the video.

Apple closed this security vulnerability with the iOS 18.2 and iPadOS 18.2 updates in December, but the Apple Security Updates page has only just mentioned that such a vulnerability existed.
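The redirect behaviour described above can be checked mechanically. The following is an added example, not code from Apple, Mysk, or the article: it audits a recorded redirect chain for hops that travel in plaintext and shows an HTTPS-first URL builder as the general mitigation. The function names and the sample chain are constructed for illustration.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed sample: the hops a client sees when it starts at http://
# and the site answers with 301 redirects to HTTPS.
SAMPLE_CHAIN = [
    ("http://example.com/", 301, {"Location": "https://example.com/"}),
    ("https://example.com/", 301, {"Location": "https://www.example.com/"}),
    ("https://www.example.com/", 200,
     {"Strict-Transport-Security": "max-age=31536000"}),
]

def https_first(target):
    """Return the URL to request first: bare hosts and http:// become https://."""
    if "://" not in target:
        target = "https://" + target
    parts = urlsplit(target)
    if parts.scheme == "http":
        netloc = parts.netloc
        if netloc.endswith(":80"):      # drop the explicit default HTTP port
            netloc = netloc[:-3]
        parts = parts._replace(scheme="https", netloc=netloc)
    return urlunsplit(parts)

def audit_chain(chain):
    """Return (hop_index, url, reason) for every hop exposed to the local network."""
    findings = []
    for i, (url, status, headers) in enumerate(chain):
        hdrs = {k.lower(): v for k, v in headers.items()}
        if urlsplit(url).scheme == "http":
            # The 301 itself is unauthenticated, so whoever answers this
            # request decides where the client goes next.
            findings.append((i, url, "plaintext-request"))
        location = hdrs.get("location", "")
        if 300 <= status < 400 and urlsplit(location).scheme == "http":
            findings.append((i, url, "redirect-downgrades-to-http"))
    return findings

if __name__ == "__main__":
    for finding in audit_chain(SAMPLE_CHAIN):
        print(finding)
    print(https_first("example.com"))
```

Only the first hop of the sample chain is flagged; starting the same chain at the URL returned by `https_first` leaves no plaintext hop to audit.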