Apple has revealed a Passwords app vulnerability that lasted for months

Another sus thing about this Password app is what “App Privacy Report” shows.<p>Sometimes it would increment counters for visited sites without you using the app, which likely means that sites are able to track you if you have an entry in Passwords.<p>Alternatively, some sites do not show up in logs even though icon shows up for a site&#x2F;password entry.

&gt; Apple has revealed a Passwords app vulnerability that lasted for months<p>And what is the news here ? Apple fixes vulnerabilities only after they are discovered by others.

1password proxies the favicon requests I think

Was that that big of a problem? I actually did notice that when occasionally LittleSnitch would alert me that Passwords wants to connect over port 80. It definitely made me look and I found it a little bit odd to not use https, but didn&#x27;t think too much of it as it always looked like it was only to fetch a favicon.