Apple Passwords app affected by critical bug — update to iOS 18.2 now


If you have an iPhone or iPad, you should update to iOS 18.2 now. Go ahead, we’ll wait. While it’s downloading, let us tell you about a critical flaw in Apple's Passwords app that needs to be patched immediately.

In iOS 18, Apple revealed the Passwords app, which is a built-in password manager for all your login data. Recently, though, a pair of security researchers on X shared a vulnerability they found in the way the Passwords app has been communicating with external websites.

The Passwords app is using unencrypted HTTP to download icons for password entries. This means that the app is communicating with the internet in an unsafe manner: every time it reaches out to a website to collect a visual icon to associate with a password entry, it opens itself up to a possible attack from a malicious network that could send back a faulty file instead. Such a file could be a “malicious payload” containing malware delivered right to your phone.
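As an added illustration (not Apple's code and not taken from the researchers' report), here is how an icon fetcher can refuse the cleartext path described above and reject a response that is not an image. The function names, the size cap and the sample bytes are assumptions made for this example; the check on the final URL after redirects goes slightly beyond what the article describes.

```python
from urllib.parse import urlsplit, urlunsplit

MAX_ICON_BYTES = 256 * 1024  # assumed cap for this example; site icons are small

# Leading magic bytes of image formats commonly used for site icons.
IMAGE_MAGIC = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"\x00\x00\x01\x00": "ico",
    b"\xff\xd8\xff": "jpeg",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}


def to_https(url):
    """Return the https:// form of an icon URL, or None if it has none."""
    parts = urlsplit(url)
    try:
        port = parts.port
    except ValueError:
        return None  # malformed port
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    if parts.username or parts.password:
        return None  # embedded credentials are never expected in an icon URL
    netloc = parts.netloc
    if parts.scheme == "http" and port is not None:
        if port != 80:
            return None  # no way to know which port serves TLS
        netloc = netloc.rsplit(":", 1)[0]  # drop the explicit cleartext port
    return urlunsplit(("https", netloc, parts.path or "/", parts.query, ""))


def sniff_image(payload):
    """Return the image type, or None if the bytes do not start like an icon.

    This rejects non-image responses; it does not prove an image is benign.
    """
    if not payload or len(payload) > MAX_ICON_BYTES:
        return None
    for magic, kind in IMAGE_MAGIC.items():
        if payload.startswith(magic):
            return kind
    return None


def accept_icon(final_url, payload):
    """final_url is where the response actually came from, after redirects."""
    if urlsplit(final_url).scheme != "https":
        return None  # a redirect fell back to cleartext: discard the response
    return sniff_image(payload)
```
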

Even if you’ve done everything right when setting up Apple's built-in password manager, this bug would still leave you vulnerable to hackers. However, by maintaining best practices on your own and installing updates as soon as they’re available, you can make sure you’re protected.

The rest of the iOS 18.2 update contains other features including an Apple Intelligence upgrade, with a new ChatGPT integration with Siri and additional Image Playground features.

How to stay safe

First off, obviously you’re going to want to update your iPhone to iOS 18.2. To do that, go to Settings > General > Software Update, where you should see iOS 18.2 and a description. From there, you should be able to tap Update Now to begin installing it.

Though Apple doesn’t have an iOS equivalent of the best Android antivirus apps due to its malware scanning restrictions, there are still some options. For example, some of the best Mac antivirus software from Intego will allow you to scan an iPhone or iPad for malware if you connect the device to a Mac via USB. Likewise, you could forgo using Apple Passwords and pick up one of the best password managers instead if you want.

Hackers love to target users running outdated software, which is why you're going to want to download and install iOS 18.2 immediately if you haven't done so already.


Amber Bouman
Senior Editor Security

Amber Bouman is the senior security editor at Tom's Guide where she writes about antivirus software, home security, identity theft and more. She has long had an interest in personal security, both online and off, and also has an appreciation for martial arts and edged weapons. With over two decades of experience working in tech journalism, Amber has written for a number of publications including PC World, Maximum PC, Tech Hive, and Engadget covering everything from smartphones to smart breast pumps. 
