Apple Patches Zero-Click Exploit Threatening Crypto Users

Apple is urging users to immediately update their devices to patch a zero-click vulnerability that allowed attackers to compromise iPhones, iPads and Macs, a flaw posing heightened risks for cryptocurrency holders.

In a Thursday advisory, Apple said the image processing vulnerability allowed sophisticated actors to compromise Apple devices. The vulnerability disclosure page notes that it was fixed as part of the macOS Sonoma 14.7.8, macOS Ventura 13.7.8, iPadOS 17.7.10, macOS Sequoia 15.6.1, iOS 18.6.2 and iPadOS 18.6.2 updates.

“Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals,” the company said.

Cybersecurity experts warned the flaw is particularly dangerous for those in crypto, since they are significantly more exposed to cyberattacks. Access to crypto-integrated systems directly leads to financial gains through irreversible transactions for the attacker, resulting in highly motivated actors targeting this category.

Juliano Rizzo, founder and CEO at cybersecurity firm Coinspect, told Cointelegraph that this is a zero-click vulnerability that does not require user interaction and “an attachment delivered via iMessage can be processed automatically and lead to device compromise.” Attackers could potentially leverage access to the device to reach wallet data.

Related: Bitcoiner loses $91M in social engineering attack: ZachXBT

Apple vulnerability details

The vulnerability affects Apple’s Image I/O framework, which allows applications to read and write most image file formats. Due to improper implementation, processing a malicious image allows for out-of-bounds memory write access.

In other words, attackers can leverage this vulnerability to write to areas of a device’s memory that should be inaccessible. Such an issue, in the hands of a particularly sophisticated attacker, can compromise device security by allowing attackers to execute code on targeted devices.

A device’s memory holds all the programs currently being executed, including critical ones. Being able to write to memory outside the authorized scope allows attackers to alter how other programs operate and execute their own instructions.

Related: Ethereum core dev’s crypto wallet drained by malicious AI extension

Advice for crypto holders

Rizzo advised high-value targets who used vulnerable devices for key storage or signing to migrate to new wallet keys if there is any sign of compromise or “if there’s any evidence of targeting” on the device storing the credentials:

“The exact steps depend on the attack specifics, but the key is to stay calm, document a clear plan, and start by securing primary accounts (email, cloud) that attackers could exploit for password resets or further access. Patching is critical, but waiting for updates to finish should never delay immediate account lockdown.”

For average individuals, Rizzo noted that “checking system logs could in theory show anomalies, but in practice this data is hard to interpret.” He said that vendors like Apple are well-positioned to detect exploitation and contact victims directly.