As 9to5Mac writes, the Passwords app was sending unencrypted requests for the logos and icons it shows next to the sites your stored passwords are associated with. The lack of encryption meant an attacker on the same Wi-Fi network as you, like at an airport or coffee shop, could redirect your browser to a look-a-like phishing site to steal your login credentials. It was first discovered by security researchers at app developer Mysk.
this post was submitted on 18 Mar 2025
112 points (97.5% liked)
Technology
66975 readers
3806 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
This is the reason to use a VPN. Not to protect your identity, or to watch region-locked content, but to remove the need to blindly trust developers to always use best practice, and/or blindly trust the strangers that you share public networks with.
You have to instead blindly trust the company that runs the VPN, though. Some of them intentionally obscure who owns the VPN service given they're often used for things like P2P and spam, and the larger VPN providers (the ones that you see commonly advertised online) aren't always truthful in their advertising.
The best VPN is one you run yourself. If you're on an insecure network like a coffee shop, you can route traffic through a known secure network like your home or a VPS/server you rent. It's very easy to do with Tailscale.