According to the article, for purposes of users here “vulnerable” = past tense.
As long as their Apple devices have been updated, and they aren’t connecting to a vulnerable router, and they aren’t using certain Kindles and Echos and Samsung phones and…
It was patched by Apple last October, and as the article notes, “most sensitive communications in 2020 are already encrypted, usually with the transport layer security protocol or by other methods. A glaring exception to this is domain name lookups, which, unless a computer is using DNS over HTTPS or DNS over TLS, are sent entirely over plaintext. Hackers who viewed these requests would be able to learn what domain names users were accessing.” And “Even if a vulnerable device is communicating over HTTP or another unencrypted channel, hackers could recover only several kilobytes of the data flowing over it at any one time. It’s doubtful attackers could time the disassociations in a way that would ensure passwords or other sensitive information would be captured” - so unless you’re using Telnet or unencrypted FTP, there shouldn’t be any unencrypted passwords being transmitted.
Time to freak out? Nah.
Clickbait - Clickbait - Clickbait -Clickbait