> Apple has revealed a Passwords app vulnerability that lasted for months
And what is the news here ? Apple fixes vulnerabilities only after they are discovered by others.
1password proxies the favicon requests I think
Was that that big of a problem? I actually did notice that when occasionally LittleSnitch would alert me that Passwords wants to connect over port 80. It definitely made me look and I found it a little bit odd to not use https, but didn't think too much of it as it always looked like it was only to fetch a favicon.
Another sus thing about this Password app is what “App Privacy Report” shows.
Sometimes it would increment counters for visited sites without you using the app, which likely means that sites are able to track you if you have an entry in Passwords.
Alternatively, some sites do not show up in logs even though icon shows up for a site/password entry.