As 9to5Mac writes, the Passwords app was sending unencrypted requests for the logos and icons it shows next to the sites your stored passwords are associated with. The lack of encryption meant an attacker on the same Wi-Fi network as you, like at an airport or coffee shop, could redirect your browser to a look-a-like phishing site to steal your login credentials. It was first discovered by security researchers at app developer Mysk.
As 9to5Mac writes, the Passwords app was sending unencrypted requests for the logos and icons it shows next to the sites your stored passwords are associated with. The lack of encryption meant an attacker on the same Wi-Fi network as you, like at an airport or coffee shop, could redirect your browser to a look-a-like phishing site to steal your login credentials. It was first discovered by security researchers at app developer Mysk.