Apple's Passwords App Security Flaw Was Potentially There 'for Years'

The problem was fixed by using HTTPS when sending information over the web link, the tech giant said.

“iPhone users were vulnerable to phishing attacks for years, not months,” Mysk tweeted.

That said, the likelihood of someone falling victim to this bug is very low.

The video highlights how an attacker with data pipe access could intercept and redirect requests to a malicious site.

Apple didn’t respond to a request for comment about the issue or provide further details.

“Yes, it feels like doing charity work for a $3 trillion company,” the companytweeted.

“We didn’t do this primarily for money, but this shows how Apple appreciates independent researchers.

We had spent a lot of time since September 2024 trying to convince Apple this was a bug.

We’re glad it worked.

And we’d do it again.”

“It’s a hell of a slip from Apple, really,” Cooke said.

That said, it’s a good reminder of why keeping your devices updated regularly is so important.