Despite the severity of the issue, Apple did not provide additional comments or details when approached by reporters.

Apple acknowledged the severity of this vulnerability, admitting it may have been exploited in sophisticated attacks targeting older operating system versions.

While the Passwords app typically redirects HTTP requests to secure HTTPS, the flaw allowed for interception before this redirection occurred, particularly on compromised networks.

Users are advised to change passwords for sensitive accounts if they have logged in via links from the Passwords app, which was affected by this vulnerability.

Cybersecurity experts are urging Apple device users to act quickly and install timely updates to secure their data against vulnerabilities.

A recently discovered vulnerability, which remained undetected since September 2024, allowed attackers to exploit unencrypted Wi-Fi connections to steal sensitive information, including passwords.

Although the patch for this vulnerability was released in December 2024, Apple only disclosed the issue publicly on March 17, 2025, raising concerns about their communication of security flaws.

Security analyst Georgia Cooke criticized this oversight as a significant failure in basic security protocols, emphasizing the need for encrypted communication protocols.

This incident reflects a broader trend among tech companies to enhance security measures as user concerns about data safety continue to grow.

To mitigate risks, Cooke suggests keeping devices updated, using virtual private networks, and avoiding sensitive actions on public Wi-Fi.

Security researcher Mysk demonstrated the exploit by capturing user credentials through a fake Microsoft Live.com site, highlighting the flaw's potential for misuse.

The updates released aim to protect iPhone and iPad users from potential data breaches that could arise from this security flaw.