Apple Passwords app affected by critical bug — update to iOS 18.2 now

If you have an iPhone or iPad, you should update to iOS 18.2 now. Go ahead, we’ll wait. While it’s downloading, let us tell you about a critical flaw in Apple's Passwords app that needs to be patched immediately.

In iOS 18, Apple revealed the Passwords app, a built-in password manager for all your login data. Recently, though, a pair of security researchers on X shared a vulnerability they found in the way the Passwords app has been communicating with external websites.

The Passwords app is using unencrypted HTTP to download icons for password entries. This means that the app is communicating with the internet in an unsafe manner: every time it reaches out to a website to collect a visual icon to associate with a password entry, it opens itself up to a possible attack from a malicious network, which could send back a tampered file in place of the real icon. Such a file could be a “malicious payload” containing malware delivered right to your phone.
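
The checks a client can apply to an icon fetch like the one described above, as an added sketch (not Apple's code and not from the researchers): the function names, the `/favicon.ico` path and the size cap are assumptions, and the redirect chain and response bodies are constructed samples.

```python
from urllib.parse import urlsplit

MAX_ICON_BYTES = 256 * 1024  # assumed size cap for this sketch

# File signatures for common icon formats.
IMAGE_MAGIC = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"\x00\x00\x01\x00": "ico",
    b"\xff\xd8\xff": "jpeg",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}

class IconRejected(Exception):
    """Raised when an icon fetch must not be trusted."""

def icon_url_for(domain: str) -> str:
    """Build the icon URL with HTTPS only; never fall back to http://."""
    host = domain.strip().lower()
    if not host or any(c in host for c in "/@:?# "):
        raise IconRejected(f"not a bare hostname: {domain!r}")
    return f"https://{host}/favicon.ico"  # path is an assumption

def check_hops(urls):
    """Every hop (initial request plus each redirect) must be HTTPS."""
    for url in urls:
        if urlsplit(url).scheme != "https":
            raise IconRejected(f"insecure hop: {url}")
    return urls[-1]

def check_body(body: bytes) -> str:
    """Accept only small payloads that start with a known image signature."""
    if len(body) > MAX_ICON_BYTES:
        raise IconRejected("icon too large")
    for magic, kind in IMAGE_MAGIC.items():
        if body.startswith(magic):
            return kind
    raise IconRejected("not a recognised image format")

def accept_icon(domain, redirect_chain, body):
    """Return the image kind if the fetch was safe, else raise IconRejected."""
    check_hops([icon_url_for(domain)] + list(redirect_chain))
    return check_body(body)
```

The HTTPS requirement on every hop is what removes the network attacker's ability to swap the file; the signature and size checks only limit what a compromised or misbehaving site can hand back.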

Even if you’ve done everything right when setting up Apple's built-in password manager, this bug would still leave you vulnerable to hackers. However, by maintaining best practices on your own and installing updates as soon as they’re available, you can make sure you’re protected.

The rest of the iOS 18.2 update contains other features including an Apple Intelligence upgrade, with a new ChatGPT integration with Siri and additional Image Playground features.

How to stay safe

First off, obviously you’re going to want to update your iPhone to iOS 18.2. To do that, go to Settings > General > Software Update, where you should see iOS 18.2 and a description. From there, you should be able to tap Update Now to begin installing it.

Though Apple doesn’t have an iOS equivalent of the best Android antivirus apps due to its malware scanning restrictions, there are still some options. For example, some of the best Mac antivirus software from Intego will allow you to scan an iPhone or iPad for malware if you connect the device to a Mac via USB. Likewise, you could forgo using Apple Passwords and pick up one of the best password managers instead if you want.

Hackers love to target users running outdated software, which is why you're going to want to download and install iOS 18.2 immediately if you haven't done so already.

Amber Bouman
Senior Editor Security

Amber Bouman is the senior security editor at Tom's Guide where she writes about antivirus software, home security, identity theft and more. She has long had an interest in personal security, both online and off, and also has an appreciation for martial arts and edged weapons. With over two decades of experience working in tech journalism, Amber has written for a number of publications including PC World, Maximum PC, Tech Hive, and Engadget covering everything from smartphones to smart breast pumps.